[Pkg-freeradius-maintainers] ntlm group check
Michael Stapelberg
stapelberg at debian.org
Sat Nov 5 10:29:24 UTC 2016
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797181#74 seems related.
On Tue, Nov 1, 2016 at 8:04 AM, Engler, Ralph <
Ralph.Engler at landkreis-mittelsachsen.de> wrote:
> Hello,
>
> I use freeradius with ntlm_auth on Debian 8 for a while and it has worked
> fine.
>
> I also use ntlm to check the membership of a group.
>
> I realized it with this code in the post-auth section
>
> post-auth {
>
> if (NAS-Identifier == "wlan-Intern") {
>
> if (!(Group == "DOMAIN\\SW_WLAN_User") ) {
>
> update reply {
>
> Reply-Message = "User not allowed %{User-Name} "
>
> }
>
> reject
>
> }
>
> This has worked until I updated debian 8 with the new security fixes.
> After the update the result of Group == "DOMAIN\\SW_WLAN_User" is always
> false.
>
> I tested in a sandbox and found out that the error occurs with winbind
> package version 2:4.2.10+dfsg-0+deb8u3 With version 2:4.1.17 everything
> was fine.
>
> The Authentication is still working, only this Group check doesn’t work
> anymore. Do you have any ideas?
>
> Best Regards
>
>
>
> Ralph
>
> _______________________________________________
> Pkg-freeradius-maintainers mailing list
> Pkg-freeradius-maintainers at lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pkg-
> freeradius-maintainers
>
>
--
Best regards,
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-freeradius-maintainers/attachments/20161105/e84649df/attachment-0001.html>
More information about the Pkg-freeradius-maintainers
mailing list