Hi, first of all: thanks for your great work.
Now the feedback: I built the freeradius 3.0.12 packages for jessie on my own based on your experimental sources. Over all that worked fine but I needed the debhelper bpo-version. The configuration looks unfamiliar but that is I suppose normal for a major release change and it is well documented upstream. What I am still urgently missing is a working reference documentation on how to use ntlm_auth with freeradius. The samba folks changed the winbindd_privileged socket to 750 so changing the group on the folder does not change a lot as the group is not allowed to write to the socket. My current solution is an additional sudoers entry like this: ~# cat /etc/sudoers.d/freerad # allow freeradius to access private winbind socket freerad ALL=(root) NOPASSWD: /usr/bin/ntlm_auth And then I prepend "sudo" within the mschap module to the ntlm call. Tell me if you prefer other solutions like SUID/SGID bits or something. Changing the socket permissions dose not work as they are restored on a winbindd restart. But freeradius is not the only software depending on ntlm_auth, so this should be documented somewhere popular. The LDAP-Group problems I encountered using 2.x releases are gone so far, so that I need to stick with 3.x for productional use. So from my point: Thumbs up for 3.x packages please try to get them into the official jessie-backports, I'd be glad. Regards, Markus
