Additional Step for Authentication
Good Morning We have FreeRadius authenticating users via AD. We want to perform an additional step of Authorization based on "Time Allowed to Login" We have an API that will already check if the User is allowed in based on their login time. What documentation can I look at to create the script? Basically if FreeRadius checks AD and thats good....then to make the additional check against our API and then to respond to the NAS that logging in is allowed. Let me know and I will start to research. Thanks
All depends on the NAS . Obviously you send back an access accept to let the device know the user can login, reject otherwise. You can send the session time allowed to the NAS if its capable. For API usage, that's up to you how you integrate eg with perl, python etc but faster and easier results if you can just pull the value out with LDAP :) On Fri, 16 Mar 2018, 12:10 Christian Becerra, <chris@sapomiami.com> wrote:
Good Morning
We have FreeRadius authenticating users via AD. We want to perform an additional step of Authorization based on "Time Allowed to Login"
We have an API that will already check if the User is allowed in based on their login time.
What documentation can I look at to create the script? Basically if FreeRadius checks AD and thats good....then to make the additional check against our API and then to respond to the NAS that logging in is allowed.
Let me know and I will start to research.
Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Alan Buxey -
Christian Becerra