Thanks for your reply, Fajar. In your example, is the wireless access point the "client" that I've seen referred to in some of the FreeRADIUS documentation? If yes, then I would have these three "clients": 1. Apache web server 2. Open-Xchange server (java-based) 3. Postfix + Dovecot mail server So, my "clients" should pass a userid/password to FreeRADIUS and receive back an accept or reject from FreeRADIUS? Thomas -----Original Message----- From: freeradius-users-bounces+thomas_reeves=verizon.net@lists.freeradius.org [mailto:freeradius-users-bounces+thomas_reeves=verizon.net@lists.freeradius. org] On Behalf Of Fajar A. Nugraha Sent: Monday, July 05, 2010 1:44 AM To: FreeRadius users mailing list Subject: Re: What Next?? On Mon, Jul 5, 2010 at 12:20 PM, Thomas Reeves <thomas_reeves@verizon.net> wrote:
I have a FreeBSD-based gateway server running pfSense software.
I want to authenticate and authorize all incoming http(s) requests before allowing access to any back-end services.
However, I seemed to have missed something fundamental about the FreeRADIUS server what do I do next?? How do I attach FreeRADIUS to the inbound TCP stream to accept/reject requests??
That question would be better addressed to pfSense support/discussion list. radius does not really care what the end usage is, it simply provides Authentication, Authorization, and Accounting (AAA). Here's a similar example: you can limit which users are allowed to use wireless network on your office by listing the users and their respective password on a radius server. But to get the actual limitation to work, you need to configure your wireless access point to "ask" radius whether a particular user/password combination is allowed. Does this make sense so far? -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html