Configuration Question
Rupert Finnigan
rupert.finnigan at googlemail.com
Fri Sep 26 10:12:44 CEST 2008
Hi,
This isn't a question about a problem, rather a "best practise" sort of
thing...
I've currently got a FreeRadius installation servicing a number of Cisco
units providing WPAv2 Auth against MS AD. This works great.
I need to expand my setup a bit, and am looking for guidance/advise as to
how best to configure the server to get what I want.
I can slip my users into two sets - a "head office" set, and a "regional"
set. The Head Office guys will need to be able to gain access anywhere, but
the regional guys will only need to get access to either one, or a couple of
networks in regional locations. E.g., Regional User 1 can access the network
in Region 1 only, but Regional User 2 can access the network in Regions 1 &
2...
The Head Office guys are all authenticated by AD, and I'm planning on having
the Regional Guys stored in a Postgresql Database, probably with a matrix
arrangement to store the information relating to the regions they're allowed
access to.
Additionally, it would be good to be able to have two difference root CA's -
largely for political reasons.
So far, I'm thinking two domains each with a virtual server, an initial
proxy to hand requests to the two virtual servers based on domain, and then
a bit of perl moduling to determine which Regions each Regional guy is
allowed access to.
I'd be very grateful for advise/experience to streamline this a bit, or tell
me I'm an idiot and there's a much simpler way!
Many Thanks,
Rupert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080926/b3e94eca/attachment.html>
More information about the Freeradius-Users
mailing list