[Pkg-freeradius-maintainers] ntlm group check

Michael Stapelberg stapelberg at debian.org
Sat Nov 5 10:29:24 UTC 2016


https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797181#74 seems related.

On Tue, Nov 1, 2016 at 8:04 AM, Engler, Ralph <
Ralph.Engler at landkreis-mittelsachsen.de> wrote:

> Hello,
>
>  I use freeradius with ntlm_auth on Debian 8 for a while and it has worked
> fine.
>
>  I also use ntlm to check the membership of a group.
>
> I realized it with this code in the post-auth section
>
>  post-auth {
>
>            if (NAS-Identifier == "wlan-Intern") {
>
>              if (!(Group == "DOMAIN\\SW_WLAN_User") ) {
>
>                update reply {
>
>                  Reply-Message = "User not allowed %{User-Name} "
>
>                }
>
>                reject
>
>              }
>
>  This has worked until I updated debian 8 with the new security fixes.
> After the update the result of Group == "DOMAIN\\SW_WLAN_User" is always
> false.
>
> I tested in a sandbox and found out that the error occurs with winbind
> package version 2:4.2.10+dfsg-0+deb8u3  With version 2:4.1.17 everything
> was fine.
>
> The Authentication is still working, only this Group check doesn’t work
> anymore. Do you have any ideas?
>
> Best Regards
>
>
>
> Ralph
>
> _______________________________________________
> Pkg-freeradius-maintainers mailing list
> Pkg-freeradius-maintainers at lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-
> freeradius-maintainers
>
>


-- 
Best regards,
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-freeradius-maintainers/attachments/20161105/e84649df/attachment-0001.html>


More information about the Pkg-freeradius-maintainers mailing list