Grouping after Kerberos 5 authentication accepted?
Jason Chan
jchan2 at utm.utoronto.ca
Fri Apr 20 15:07:11 CEST 2007
Hello Alan,
It works! After I changed the authorize_check_query the FreeRadius is
now able to check for attributes after Kerberos authentications. Thanks!
Regards,
Jason
-----Original Message-----
From: Alan DeKok [mailto:aland at deployingradius.com]
Sent: Thursday, April 19, 2007 8:13 PM
To: jchan2 at utm.utoronto.ca; FreeRadius users mailing list
Subject: Re: Grouping after Kerberos 5 authentication accepted?
Jason Chan wrote:
> For example, Kerberos successfully authenticate admin/admin (yes I
> don't use MySQL for authentication), and FreeRadius knows this user
> has permission to access. Now, in the postauth part, FreeRadius
> searches the radreply table in its MySQL database for the proper
> attributes that this particular user has, say Service-Type =
> Administrative-User. I store these attribute information in radreply
> table and leave other tables empty.
>
> So, I edited the postauth_query in sql.conf:
I think for historical reasons, you have to perform the query in the
authorize section.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.5.4/768 - Release Date: 4/19/2007
5:32 AM
More information about the Freeradius-Users
mailing list