How to configure FreeRADIUS for Kerberos and LDAP

Brendan Kearney bpk678 at gmail.com
Tue Jan 27 19:41:51 CET 2015


On Sat, 2014-05-31 at 11:20 +0100, Arran Cudbard-Bell wrote:
> On 31 May 2014, at 02:20, Brendan Kearney <bpk678 at gmail.com> wrote:
> 
> > i have put together a doc to assist in the configuration of FreeRADIUS
> > to use Kerberos for authentication (AuthN) and LDAP for authorization
> > (AuthZ).
> 
> Nice, thanks.
> 
> >  I have modelled the configs after my environment, and taken
> > into account the design and implementation choices i have made.  others
> > may have different needs, so some directives or values may need to be
> > changed based on those needs.  i make no guarantees that my configs will
> > work in your environment.
> > 
> > i have tried to use simple language, but be concise, precise and
> > accurate.  if points are ambiguous, lacking clarity or leave room for
> > misinterpretation, please provide constructive feedback.
> 
> This sort of methodology:
> 
> 	•	cp authorize authorize-$(date +"%b.%d.%Y")-01
> 	•	cp authorize authorize-$(date +"%b.%d.%Y")-02
> 
> Is quite outdated. The configuration should be kept under git version
> control or similar, and git show/diff etc... used to examine sets of
> changes.
> 
> Git can also be used as a management framework, for automatically pushing
> new configurations out to clusters of servers. There are example 
> scripts for this in the scripts/ dir of the src.
> 
> But the rest of the doc looks ok. It'd be more useful on the wiki if anyone
> feels like transcribing it.
> 
> -Arran
> 
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
> 
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

updated version, includes steps to add schemas to LDAP, and now points
to LDAP for client definitions.  Tested and found to be working on
Fedora 20.

