LDAP Module only for Authorization and not for Authentication

Alan DeKok aland at deployingradius.com
Fri May 23 17:14:28 CEST 2008


HRZ Konten wrote:
> I have Freeradius 1.1.7 and use it to check user and password with pam
> module.

  I would suggest upgrading to 2.0.4.

> The pam module uses pam_afs.so library to check in the kerberos IV
> server. I want to keep this configuration but additionaly to make a
> check for groups in LDAP.
> Something like:
> 1. Authorize Huntgroup-Name== xxx, Ldap-Group==xxx....
> 2. Authenticate user + password through pam
> 
> Can I do authorization with LDAP and then authenticate with pam?

  Yes.  But I'm not sure what you mean by that.  If you check the LDAP
group, what do want to do with the result?  Reject users NOT in an LDAP
group?  Please explain.

> When I use a remote LDAP-Server, should I configure some special modules
> during the installation of radius?

  You will need the rlm_ldap module.  It depends on the OpenLDAP
development libraries and headers.

  Alan DeKok.



More information about the Freeradius-Users mailing list