[Pkg-freeradius-maintainers] ntlm group check
Engler, Ralph
Ralph.Engler at landkreis-mittelsachsen.de
Tue Nov 1 07:04:16 UTC 2016
Hello,
I use freeradius with ntlm_auth on Debian 8 for a while and it has worked fine.
I also use ntlm to check the membership of a group.
I realized it with this code in the post-auth section
post-auth {
if (NAS-Identifier == "wlan-Intern") {
if (!(Group == "DOMAIN\\SW_WLAN_User") ) {
update reply {
Reply-Message = "User not allowed %{User-Name} "
}
reject
}
This has worked until I updated debian 8 with the new security fixes. After the update the result of Group == "DOMAIN\\SW_WLAN_User" is always false.
I tested in a sandbox and found out that the error occurs with winbind package version 2:4.2.10+dfsg-0+deb8u3 With version 2:4.1.17 everything was fine.
The Authentication is still working, only this Group check doesn't work anymore. Do you have any ideas?
Best Regards
Ralph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-freeradius-maintainers/attachments/20161101/fffd963d/attachment.html>
More information about the Pkg-freeradius-maintainers
mailing list