Hello, so for the BASIC question! First, is there any
docs that explain the concepts of how all the various pieces of FR tie together?
I’ve read a bunch of stuff and am making some headway, but some of the
architecture and process flow still escapes me. If I can gain a better
understanding of the internals I could probably resolve most of my own
questions and better contribute to the community as well!
Now, the question:
We have various environments that need to authenticate and
authorize using FR: VPN connections with something like (if member of “VPNGroup”
then permit, else deny); vty login to network gear with (if member of “NetEngGroup”
then permit, else deny); and 802.1x with dynamic VLAN assignment. I plan
to use ntlm_auth for all of these to hit AD on the backend.
The problem I’m having is grasping how I can do
this? Do I need separate instances of FR? A bunch of “if
then/else” clauses somewhere? How does FR know what type of auth is
required? Am I making this more complicated than it really is?
TIA for the help! In the mean time I’ll keep
reading and playing!