On 2.10.2014 18.48, David Zych wrote:

> It's taken me longer than I had hoped to circle back around to this, but
> I wanted to say thanks very much for the new patches! I am using them
> now to cope much more gracefully if one of my back-end "worker"
> processes gets stalled by an external dependency (i.e. ntlm_auth).
>
> Here are the key pieces, for the benefit of anyone else trying to
> accomplish something similar.
Thanks for the update, David. The patch in the Radiator 4.13 patch set has not changed, so what you are using will work with the next release too.

There's also one recent change that might be useful to you and the other AuthBy NTLM users. The Group configuration parameter now accepts multiple group names. If you configure, for example, this on Ubuntu 12.04:

    User radiator
    Group radiator,winbindd_priv

Radiator will set the supplementary groups to winbindd_priv. Any files, such as logs, will be created with radiator:radiator ownership since the primary group is radiator.

Now, when radiusd starts a new ntlm_auth process, this ntlm_auth process can access the winbindd socket since it's a member of the winbindd_priv group. This allows AuthBy NTLM to work without running radiusd as root.

One might have tried to use sudo for something similar already, but now the Group option can also be used to specify the groups.

If there are group names that cannot be resolved, then radiusd will not try to switch groups.

Thanks,
Heikki

-- 
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
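The group handling described in the message above, as an added Python sketch; it is not part of the original message and not Radiator's own code. The function names plan_groups and drop_privileges are hypothetical, and it assumes the first name in the Group value is the primary group and the rest are supplementary, as in the radiator,winbindd_priv example.

```python
import grp
import os
import pwd


def plan_groups(group_param, resolve=None):
    """Turn a 'Group a,b,c' value into (primary_gid, [supplementary_gids]).

    Returns None when any name fails to resolve, so the caller attempts
    no group switch at all rather than a partial one.
    """
    resolve = resolve or (lambda name: grp.getgrnam(name).gr_gid)
    names = [n.strip() for n in group_param.split(",") if n.strip()]
    if not names:
        return None
    gids = []
    for name in names:
        try:
            gids.append(resolve(name))
        except KeyError:          # grp.getgrnam raises KeyError for unknown names
            return None
    # Assumption: first name is the primary group, the rest are supplementary.
    supplementary = []
    for gid in gids[1:]:
        if gid != gids[0] and gid not in supplementary:
            supplementary.append(gid)
    return gids[0], supplementary


def drop_privileges(user, group_param):
    """Apply the plan. Must be called as root; groups are set before the uid."""
    plan = plan_groups(group_param)
    if plan is None:
        # Design choice of this sketch: fail closed instead of continuing.
        raise RuntimeError("unresolvable group in %r; not switching" % group_param)
    primary, supplementary = plan
    uid = pwd.getpwnam(user).pw_uid
    os.setgroups(supplementary)   # replaces root's supplementary group list
    os.setgid(primary)            # new files get this group, e.g. radiator
    os.setuid(uid)                # last step: groups cannot be changed after this
    try:
        os.setuid(0)              # verify the drop cannot be undone
    except PermissionError:
        return os.getgid(), os.getgroups()
    raise RuntimeError("privileges were not dropped")
```

Child processes started after drop_privileges inherit the supplementary group list, which is what lets a helper such as ntlm_auth reach a group-restricted socket without the daemon staying root.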
