group authorization
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Mar 28 13:08:30 CET 2014
>> i will point out at this time that "tens of thousands of others" who are
>> using FreeRADIUS with LDAP successfully either got lucky and have
>> posixGroup groups being matched, figured this out and have not
>> sought/provided clarification on the subject, or are not doing what i am
>> doing with LDAP.
>
> Count me as one of the lucky ones who's gotten it working with my
> posixGroup groups, and who don't fetch avpairs from the groups.
>
> I agree that freeradius definitely doesn't pass the grandma test.
The majority of configuration files are well documented.
For the one's which aren't, feel free to send pull requests.
You don't even need to understand git, github has a built in text editor, just fork the server, make your changes, and whack the pull request button. The barrier to contributing couldn't be much lower.
> 113
> files in /etc/raddb seems a but much,
There a metric shit ton (51 in master) modules for the server, and several sub-modules. Should we merge all the configs into one big monolithic file, would that make the server easier to manage?
> so I've been struggeling for a very
> long time trying to understand which files needs changes to achive what.
Global server configuration options:
radiusd.conf
Policy:
sites-enabled/default
Modules:
mods-available/*
Things used by modules:
mods-config/*
> But I guess this also is part of the power of freeradius. A lot of stuff
> is implemented, and is tweakable in the modules/ and sites-*/ files.
> I'm getting ready to dig into "unlang" myself to try to define a access
> regime of groups of NAS'es and groups of people. It looks like it should
> be able to do just about anything.
Yes, and if you can't do it in unlang, you can do it in perl, python, or ruby (don't do it in ruby), or, with recent versions, write a web API in your favourite crappy web development language and write all your logic there instead.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140328/ac7b6d26/attachment.pgp>
More information about the Freeradius-Users
mailing list