Authenticating groups via LDAP
John Maher
john at chem.umass.edu
Sun May 23 20:01:17 CEST 2010
On 05/23/2010 11:27 AM, Alan DeKok wrote:
> authorization != authentication
>
> If there isn't a password... the user can't be authenticated. The
> debug log shows this.
Yes, obviously an important distinction. But where my mind goes
immediately is "why is it that if I enter an incorrect password for that
user, the user fails to gain access, but a correct password results
in access granted?" But I imagine the answer is more complicated than
the difference between authentication and authorization, and probably
has something to do with some other authentication routine that takes
place later. I have a lot to learn.
>> Anyway, a good resource for understanding how radius and its modules do
>> their jobs would be good to know about.
>
> doc/rlm_ldap explains how the LDAP module is used, and how the
> "access" is checked.
>
> Again... this *is* documented. The filenames shouldn't be hard to
> figure out: doc/rlm_ldap should be pretty easy to find.
>
> doc/aaa.txt explains how the authentication process works.
>
> While the documentation isn't perfect, I'm not sure what you want.
> The questions you're asking are answered in the existing documentation,
> which is reasonably well organized. (try: ls doc/*ldap* ...)
Thanks for the direction. I'll study those now.
John
>
> Alan DeKok.