Any way to implement privileges-granting as I configure in 'users'
Alan DeKok
aland at deployingradius.com
Fri Nov 17 14:51:09 CET 2017
On Nov 17, 2017, at 4:15 AM, luckydog xf <luckydogxf at gmail.com> wrote:
> Currently I'm using 'users file to authorize users against login on our
> network device like Switches.
> ...
> But I want to intergrate it with FreeIPA( which provides a LDAP service),
> which brings the benefit of using one-time-password(see this
> https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7
> )
Sure... one-time passwords don't always work, though. Specifically, with EAP / WiFi.
> Apparently it's easy to configure user's account, but is there any way to
> handle the privileges related stuff like 'Huawei-Exec-Privilege = "3",' in
> LDAP?
Yes.
> And by the way, how is 'authenticate section' in 'site-enabled/default'
> called? I'm a littble bit confused. Can I say that 'authenticate section is
> useless
Uh... no. It's there for a reason. If you read the comments in the configuration file, they will tell you what it does, and why it's used.
> and
>
> would NEVER be called unless I add "Auth-Type:= FOO" in the 'authorize
> section' ? I guess this from the comment of 'default' .
You "guess"? What part of the documentation requires guessing?
Alan DeKok.
More information about the Freeradius-Users
mailing list