krb Authenication & ldap Authorization

tnt at tnt at
Mon Nov 17 16:18:30 CET 2008

>I need to use radius to AUTHENTICATE users and then once they are
>authenticated have it pass it over to and LDAP server for Authorization,
>I believe this is possible with radius but if anyone has any experience
>with this or good links for setting it up I would appreciate it.
>List info/subscribe/unsubscribe? See

Freeradius first does authorization (and pulls all the attributes, not
just password) and then authentication.

1. Configure ldap module in raddb/modules/ldap

2. Uncomment ldap in authorize section of the default virtual server

3. Create auth type for krb authentication. Add:

Auth-Type Kerberos {

to *all* enabled virtual servers (all need to recognize the entry in
users file)

4. Add:

DEFAULT   Auth-Type = Kerberos

to users file.

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list