aaa authentication login and dot1x with one server
Sascha Frey
sfrey at TechFak.Uni-Bielefeld.DE
Sun Aug 29 21:35:51 CEST 2010
Hi all,

I'm trying to set up freeradius to authenticate users logging in to our
switches (Cisco IOS) and provide authentication for 802.1X.

1. SSH/Telnet access to our switches for admin users (aaa authentication
   login)
   - Every user who is able to log in to the server running freeradius
     should be able to log in to the switches (Linux server with
     libpam-ldapd (nslcd) and pam_access.so to limit access by netgroup)
   - Using PAM seems to be the right way (direct access to the LDAP
     database would allow all users and not only certain users with
     membership in the admin netgroup (pam_access with
     /etc/security/access.conf))

2. IEEE 802.1X with EAP-TTLS and dynamic VLAN assignment (aaa
   authentication dot1x)
   - Using the freeradius LDAP module (direct access to the LDAP
     database)
   - 802.1X users are in a separate subtree (ou=dot1x,dc=example,dc=com)

How do I set up freeradius to use PAM for authenticating users?
How do I combine both functions with different auth methods in one
server?

I found some howtos for #2, which doesn't seem to be the problem.

I appreciate any help.

Regards
Sascha