krb Authenication & ldap Authorization
tnt at kalik.net
tnt at kalik.net
Mon Nov 17 16:18:30 CET 2008
>I need to use radius to AUTHENTICATE users and then once they are
>authenticated have it pass it over to and LDAP server for Authorization,
>I believe this is possible with radius but if anyone has any experience
>with this or good links for setting it up I would appreciate it.
>
>Thanks,
>
>LB
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
Freeradius first does authorization (and pulls all the attributes, not
just password) and then authentication.
1. Configure ldap module in raddb/modules/ldap
2. Uncomment ldap in authorize section of the default virtual server
(raddb/sites-enabled/default)
3. Create auth type for krb authentication. Add:
Auth-Type Kerberos {
krb5
}
to *all* enabled virtual servers (all need to recognize the entry in
users file)
4. Add:
DEFAULT Auth-Type = Kerberos
to users file.
http://wiki.freeradius.org/index.php/Rlm_krb5
http://wiki.freeradius.org/index.php/Rlm_ldap
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list