Radius integration with LDAP (SASL)

Alan DeKok aland at deployingradius.com
Tue Jan 17 16:07:43 CET 2012


John Dennis wrote:
> I have an alternate explanation. People construct convoluted systems
> because they lack a clear mental model of what is going on. Without an
> overarching understanding they either flail about or they take what they
> presume is the shortest path to a solution (e.g. LDAP can authenticate,
> I'll just use that).

  They lack a clear process.  The *correct* process is documented in the
radiusd "man" page, the wiki, and elsewhere.  The EAP "howto" on my web
page walks through this process in excruciating detail.

  Ignorance is understandable.  You have *never* seen be get annoyed at
someone for being ignorant.  You *have* seen me get annoyed at people
who refuse to learn.

> What is really missing is a simple document which ties all the pieces
> together so a newbie can form a mental model and design a uncomplicated
> efficient system. (Yes, I know, an old topic)

  Yup.

> I'm willing to bet most of the old hands on this list were also
> befuddled early on and the clarity was only arrived at by diligently
> peeling back the layers and learning each piece of the puzzle.

  For me, "diligent" == "having a good method".

  Method is *more* important than memorizing information. Why would you
do that?  You can get information about anything via "google".

> That's
> not something a sys admin can do when he/she is given a week to deploy a
> RADIUS solution especially if they haven't had extensive formal training
> with networking, system services and authentication.

  Yup.  If I know nothing about car maintenance, I expect my mechanic to
get annoyed when I try to do it myself, ask him questions, *and* make it
clear I haven't read the manual.

  Alan DeKok.



More information about the Freeradius-Users mailing list