Using Groups to Limit Authentication to Network Devices
Peter Lambrechtsen
plambrechtsen at gmail.com
Sat Mar 27 06:46:25 CET 2010
On Sat, Mar 27, 2010 at 3:00 AM, Doug Warner <doug at warner.fm> wrote:
> I'm trying to set up freeradius to authenticate users via LDAP but pull group
> information via MySQL. I currently only need radius for authentication to
> network devices (switches, PDUs, etc) but want to make sure I set it up so
> that I don't shoot myself in the foot later.
>
> In trying to get the correct attributes assigned to a group I've noticed that
> I need to set Fall-Through on each group that a user belongs to in order to
> have later groups evaluated. Is there a better way that I can say something
> like, "this client should check for access from these groups" so that I only
> need to set Fall-Through on certain groups instead of all?
>
Why not just use LDAP altogether for your group-based auth? This is how I
do it and it works well, and doesn't need any schema extensions.
http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-November/msg00001.html
Then all you have to do is modify the hostgroups & postauth_users files when
you add new NASes.