Some questions about freeRADIUS implementation, PLEASE HELP ME!!

Guy Davies Guy.Davies at telindus.co.uk
Thu Sep 8 21:59:41 CEST 2005


Here is my doubt:
I am using EAP-TLS.
I generated a client certificate with CN "redes",

then I added to the LDAP database a user with these
attributes:

cn: redes
uid: redes
radiusGroupName: academicos
...other attributes
but without userpassword

and in the users file I added:

DEFAULT        Ldap-Group == academicos, Simultaneous-Use := 1
               Aruba-User-Role = "STAFF",

A user with a client certificate can access the wireless
network and gets the role STAFF perfectly, but the
process of authentication and authorization seems
very, very redundant. Is that normal? I attach the
file of the auth process.

[GD] Hi Alfonso,

The authentication and authorization are different things.  Authentication is asking may this user connect.  Authorization is asking once this user has connected (i.e. Authentication has passed) what may they do (e.g. what type of user are they [student/staff], what VLAN should they be associated with, what is their access level [e.g. on Cisco routers = 1 to 15])

That allows you to provide more than a simple yes/no answer to the request to login.

Rgds,

Guy
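
The split described in the reply, applied to the users-file entry from the question, as an added example that is not part of the original thread and is not FreeRADIUS code. The function names are hypothetical, and `cert_valid` and the list-valued `Ldap-Group` request key are assumptions standing in for the EAP-TLS result and the LDAP group lookup; it models the conceptual order in the reply, not the server's internal module order.

```python
import re

# Constructed copy of the users-file entry from the question: the first line
# holds check items, the indented line holds reply items.
USERS_FILE = '''\
DEFAULT        Ldap-Group == academicos, Simultaneous-Use := 1
               Aruba-User-Role = "STAFF"
'''
ITEM = re.compile(r'\s*([\w-]+)\s*(==|:=|=)\s*"?([^",]+?)"?\s*(?:,|$)')

def parse_users(text):
    """Return [(name, check_items, reply_items)], items as (attr, op, value)."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # unindented line starts an entry
            name, rest = (line.split(None, 1) + [""])[:2]
            entries.append((name, ITEM.findall(rest), []))
        elif entries:                      # indented line: reply items
            entries[-1][2].extend(ITEM.findall(line))
    return entries

def authenticate(request):
    """May this user connect? The EAP-TLS outcome is reduced to a flag here."""
    return bool(request.get("cert_valid"))

def authorize(entries, request):
    """What may the user do? Return the reply attributes of the first match."""
    for name, checks, replies in entries:
        if name not in ("DEFAULT", request.get("User-Name")):
            continue
        # '==' items are comparisons; ':=' items set control values instead.
        # Assumption: comparable request attributes are lists of values.
        if all(val in request.get(attr, [])
               for attr, op, val in checks if op == "=="):
            return {attr: val for attr, _, val in replies}
    return {}

def handle(entries, request):
    """Yes/no from authentication, then the richer answer from authorization."""
    if not authenticate(request):
        return "Access-Reject", {}
    return "Access-Accept", authorize(entries, request)

if __name__ == "__main__":
    entries = parse_users(USERS_FILE)
    # Constructed request: group membership would come from the LDAP lookup.
    print(handle(entries, {"User-Name": "redes", "cert_valid": True,
                           "Ldap-Group": ["academicos"]}))
```

A valid certificate alone yields an accept with no role; the `Aruba-User-Role` reply appears only when the group check also matches.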
