krb Authenication & ldap Authorization
Lisa Besko
besko at msu.edu
Mon Nov 17 18:11:37 CET 2008
Thanks for the clarification. It seems backward to me but maybe that
will become clearer as I work with it.
Either way I think I can work with it.
LB
tnt at kalik.net wrote:
>> I need to use radius to AUTHENTICATE users and then once they are
>> authenticated have it pass it over to and LDAP server for Authorization,
>> I believe this is possible with radius but if anyone has any experience
>> with this or good links for setting it up I would appreciate it.
>>
>> Thanks,
>>
>> LB
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>
> Freeradius first does authorization (and pulls all the attributes, not
> just password) and then authentication.
>
> 1. Configure ldap module in raddb/modules/ldap
>
> 2. Uncomment ldap in authorize section of the default virtual server
> (raddb/sites-enabled/default)
>
> 3. Create auth type for krb authentication. Add:
>
> Auth-Type Kerberos {
> krb5
> }
>
> to *all* enabled virtual servers (all need to recognize the entry in
> users file)
>
> 4. Add:
>
> DEFAULT Auth-Type = Kerberos
>
> to users file.
>
> http://wiki.freeradius.org/index.php/Rlm_krb5
>
> http://wiki.freeradius.org/index.php/Rlm_ldap
>
> Ivan Kalik
> Kalik Informatika ISP
More information about the Freeradius-Users
mailing list