Thanks for the clarification. It seems backward to me but maybe that will become clearer as I work with it. Either way I think I can work with it. LB tnt@kalik.net wrote:
I need to use radius to AUTHENTICATE users and then once they are authenticated have it pass it over to and LDAP server for Authorization, I believe this is possible with radius but if anyone has any experience with this or good links for setting it up I would appreciate it.
Thanks,
LB - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius first does authorization (and pulls all the attributes, not just password) and then authentication.
1. Configure ldap module in raddb/modules/ldap
2. Uncomment ldap in authorize section of the default virtual server (raddb/sites-enabled/default)
3. Create auth type for krb authentication. Add:
Auth-Type Kerberos { krb5 }
to *all* enabled virtual servers (all need to recognize the entry in users file)
4. Add:
DEFAULT Auth-Type = Kerberos
to users file.
http://wiki.freeradius.org/index.php/Rlm_krb5
http://wiki.freeradius.org/index.php/Rlm_ldap
Ivan Kalik Kalik Informatika ISP