[Pkg-freeradius-maintainers] Bug#797181: freeradius: packaging 3.0.x

Michael Stapelberg stapelberg at debian.org
Sat Nov 5 10:28:19 UTC 2016 

Thanks for the report!

On Wed, Oct 26, 2016 at 10:24 AM, Markus Wigge <markus at cultcom.de> wrote:

> Hi,
>
> first of all: thanks for your great work.
>
> Now the feedback:
> I built the freeradius 3.0.12 packages for jessie on my own based on
> your experimental sources.
> Over all that worked fine but I needed the debhelper bpo-version.
>
> The configuration looks unfamiliar but that is I suppose normal for a
> major release change and it is well documented upstream.
>

Yes, the /usr/share/doc/freeradius/NEWS.Debian.gz file contains the
appropriate pointers.


>
> What I am still urgently missing is a working reference documentation on
> how to use ntlm_auth with freeradius.
>
> The samba folks changed the winbindd_privileged socket to 750 so
> changing the group on the folder does not change a lot as the group is
> not allowed to write to the socket.
>
> My current solution is an additional sudoers entry like this:
> ~# cat /etc/sudoers.d/freerad
>
> # allow freeradius to access private winbind socket
> freerad ALL=(root) NOPASSWD: /usr/bin/ntlm_auth
>
> And then I prepend "sudo" within the mschap module to the ntlm call.
>
> Tell me if you prefer other solutions like SUID/SGID bits or something.
> Changing the socket permissions dose not work as they are restored on a
> winbindd restart.
>
> But freeradius is not the only software depending on ntlm_auth, so this
> should be documented somewhere popular.
>

Sorry, I have no clue about NTLM. Someone else will need to assist with
that.


>
> The LDAP-Group problems I encountered using 2.x releases are gone so
> far, so that I need to stick with 3.x for productional use.
>
> So from my point: Thumbs up for 3.x packages please try to get them into
> the official jessie-backports, I'd be glad.
>
> Regards,
> Markus
>



-- 
Best regards,
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-freeradius-maintainers/attachments/20161105/5e3e06f6/attachment.html>

More information about the Pkg-freeradius-maintainers mailing list