Authentication and Authorization

[Alan DeKok]

Alex Gregory wrote:
> Thank you for the link.  I have the OTP working on a test server now with proxying.  The problem is the hosted OTP server does not supply any group or attribute information back yet like this Wikid server does.

  There are no standard RADIUS attributes which carry that information.
 If you need it, the OTP server may not even be able to send that
information in RADIUS.

>  But I have two different user groups for two different networks (Corp and Dev users) that need to be differentiated.
> 
> In production have two virtual radius servers each doing an LDAP lookup into a different group.  If a user tries to access the incorrect network they are denied because they are not in that group.  Works great.  If I alter the server to proxy the request with the LDAP module configured will it handle things properly?

  LDAP lookups are completely independent of proxying.

  If configured correctly, it should work.

  Alan DeKok.