Radius integration with LDAP (SASL)

John Dennis jdennis at redhat.com
Tue Jan 17 15:56:33 CET 2012


>> I guess he needs to set "Auth-Type"... I don't know why people construct
>> these Heath Robinson systems that make their lives difficult!

>    Because they believe complicated systems are better.  Because they
> can't follow instructions.  Because they think they know better than
> people who've been doing it for 10+ years.  Maybe all/some of the above.

Never ascribe to malice what can be attributed to ignorance.

I have an alternate explanation. People construct convoluted systems 
because they lack a clear mental model of what is going on. Without an 
overarching understanding they either flail about or they take what they 
presume is the shortest path to a solution (e.g. LDAP can authenticate, 
I'll just use that).

What is really missing is a simple document which ties all the pieces 
together so a newbie can form a mental model and design an uncomplicated 
efficient system. (Yes, I know, an old topic)

I'm willing to bet most of the old hands on this list were also 
befuddled early on and the clarity was only arrived at by diligently 
peeling back the layers and learning each piece of the puzzle. That's 
not something a sys admin can do when he/she is given a week to deploy a 
RADIUS solution especially if they haven't had extensive formal training 
with networking, system services and authentication.

-- 
John Dennis <jdennis at redhat.com>




More information about the Freeradius-Users mailing list