How to handle multiple NAS's, auth requirements, etc.
Ivan Kalik
tnt at kalik.net
Fri Aug 21 17:52:44 CEST 2009
> Hello, so for the BASIC question! First, are there any docs that explain
> the concepts of how all the various pieces of FR tie together?
Read the debug - it will tell you what the server does when it starts and when
it processes the request.
> We have various environments that need to authenticate and authorize
> using FR: VPN connections with something like (if member of "VPNGroup"
> then permit, else deny); vty login to network gear with (if member of
> "NetEngGroup" then permit, else deny); and 802.1x with dynamic VLAN
> assignment. I plan to use ntlm_auth for all of these to hit AD on the
> backend.
>
> The problem I'm having is grasping how I can do this? Do I need
> separate instances of FR?
No.
> A bunch of "if then/else" clauses somewhere?
Yes, see man unlang. Configure AD in the ldap module and use Ldap-Group to
test membership.
> How does FR know what type of auth is required?
If you configure the ntlm_auth statement in the mschap module it will use it. Read
the AD integration guide:
http://deployingradius.com/documents/configuration/active_directory.html
Ivan Kalik
Kalik Informatika ISP
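
The policy discussed in this thread, sketched as an added unlang example for one FreeRADIUS 2.x virtual server; it is not part of the original message or the FreeRADIUS project's own configuration. The group names come from the question; the NAS address, the Service-Type test for vty logins, the EAP-Message test for 802.1X and the VLAN ID are assumptions to adapt to your own equipment.

```unlang
# Added example: one server instance, per-service group checks in unlang.
# Assumes the ldap module is already pointed at AD and that mschap
# carries the ntlm_auth statement from the AD integration guide.
authorize {
    preprocess
    mschap
    eap
    ldap

    # VPN concentrator (constructed placeholder address)
    if (NAS-IP-Address == 192.0.2.10) {
        if (Ldap-Group == "VPNGroup") {
            ok
        }
        else {
            reject
        }
    }
    # vty login to network gear (assumption: the gear sends this Service-Type)
    elsif (Service-Type == NAS-Prompt-User) {
        if (Ldap-Group == "NetEngGroup") {
            ok
        }
        else {
            reject
        }
    }
    # anything else (e.g. 802.1X) falls through to the normal EAP handling
}

post-auth {
    # 802.1X dynamic VLAN assignment (RFC 3580 tunnel attributes).
    # Assumption: EAP-Message present means an 802.1X request;
    # "20" is a constructed VLAN ID.
    if (EAP-Message && Ldap-Group == "NetEngGroup") {
        update reply {
            Tunnel-Type = VLAN
            Tunnel-Medium-Type = IEEE-802
            Tunnel-Private-Group-Id = "20"
        }
    }
}
```

Running the server with `radiusd -X` shows which branch each request takes, which is the debug output the reply recommends reading.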