Sorry! s/so/sorry in OP!!!!
From:
freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.org] On Behalf Of Gary Gatten
Sent: Friday, August 21, 2009
10:34 AM
To: FreeRadius users mailing list
Subject: How to handle multiple
NAS's, auth requirements, etc.
Hello, so for the BASIC question! First, is there any
docs that explain the concepts of how all the various pieces of FR tie
together? I’ve read a bunch of stuff and am making some headway,
but some of the architecture and process flow still escapes me. If I can
gain a better understanding of the internals I could probably resolve most of
my own questions and better contribute to the community as well!
Now, the question:
We have various environments that need to authenticate and
authorize using FR: VPN connections with something like (if member of
“VPNGroup” then permit, else deny); vty login to network gear with
(if member of “NetEngGroup” then permit, else deny); and 802.1x
with dynamic VLAN assignment. I plan to use ntlm_auth for all of these to
hit AD on the backend.
The problem I’m having is grasping how I can do
this? Do I need separate instances of FR? A bunch of
“if then/else” clauses somewhere? How does FR know what
type of auth is required? Am I making this more complicated than it
really is?
TIA for the help! In the mean time I’ll keep
reading and playing!
"This email is intended to be reviewed by only the intended
recipient and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that any review,
use, dissemination, disclosure or copying of this email and its attachments, if
any, is strictly prohibited. If you have received this email in error, please
immediately notify the sender by return email and delete this email from your
system."