Freeradius, Active Directory and User's Group

Lincoln Zuljewic Silva lincolnzsilva at gmail.com
Tue Mar 30 06:17:15 CEST 2010


Hi Peter,

I will give that instruction a try and return to you/to the list the results.

Thanks!
Lincoln

On Tue, Mar 30, 2010 at 1:12 AM, Peter Lambrechtsen
<plambrechtsen at gmail.com> wrote:
> The best way is to follow what I suggested in this post.
>
> http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-November/msg00001.html
>
> We authenticate a group of 5620's and 7210's in our environment too using
> that exact same method.
>
> Now that the Timetra (now Lucent) Dictionary is in 2.1.8 thanks to me
> (shameless plug) it should be easy.
>
> Any questions you can send them to me off-list if you need more help.
>
> On Tue, Mar 30, 2010 at 10:12 AM, Gary Gatten <Ggatten at waddell.com> wrote:
>>
>> Yup - that's what I was talking about.
>>
>> You can use variables, but if you need to enumerate a user's group
>> memberships - then yeah, you'll need LDAP.
>>
>> G
>>
>>
>> -----Original Message-----
>> From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org
>> [mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org]
>> On Behalf Of Lincoln Zuljewic Silva
>> Sent: Monday, March 29, 2010 4:08 PM
>> To: FreeRadius users mailing list
>> Subject: Re: Freeradius, Active Directory and User's Group
>>
>> Gary
>>
>> Are you talking about the "--require-membership-of" parameter of
>> ntlm_auth?
>>
>> If yes, I can't use it because it is a "random" situation.
>>
>> The Alcatel software has a list of all groups that can log in and their
>> appropriate permissions. The freeradius has to see which groups the
>> user is a member of and reply with them to the Alcatel software.
>>
>> John,
>>
>> I will check out this "reply attribute" and see if it works for me...
>>
>> Regards
>> Lincoln
>>
>> On Mon, Mar 29, 2010 at 5:53 PM, Gary Gatten <Ggatten at waddell.com> wrote:
>> > FWIW, I do group checking with SAMBA.  I'm not in front of my system,
>> > but there's an arg one can pass to the Samba util exe where it will validate
>> > uname, password, and group membership.  This should work for most "simple"
>> > confs, although I can certainly envision situations where LDAP may be
>> > required.
>> >
>> > ----- Original Message -----
>> > From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org
>> > <freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org>
>> > To: FreeRadius users mailing list
>> > <freeradius-users at lists.freeradius.org>
>> > Sent: Mon Mar 29 15:26:57 2010
>> > Subject: Re: Freeradius, Active Directory and User's Group
>> >
>> > Understood, but the freeradius will be able to return this group
>> > information to the Alcatel device?
>> >
>> > Regards
>> > Lincoln
>> >
>> > On Mon, Mar 29, 2010 at 5:10 PM, John Dennis <jdennis at redhat.com> wrote:
>> >> On 03/29/2010 04:02 PM, Lincoln Zuljewic Silva wrote:
>> >>>
>> >>> I'm sorry.
>> >>>
>> >>> I forgot to mention that I'm not using LDAP, but Samba to integrate
>> >>> the freeradius with AD.
>> >>
>> >> O.K. I presume you're using samba for authentication, but where are you
>> >> storing the information about which groups a user is in? I presume it's
>> >> in
>> >> AD. AD is an ldap server that you can query during authorization which
>> >> is
>> >> when and where you would do the group check.
>> >> --
>> >> John Dennis <jdennis at redhat.com>
>> >>
>> >> Looking to carve out IT costs?
>> >> www.redhat.com/carveoutcosts/
>> >> -
>> >> List info/subscribe/unsubscribe? See
>> >> http://www.freeradius.org/list/users.html
>> >>
>> >
>> >
>> >
>> > --
>> > Lincoln Zuljewic Silva
>> > More contact info.: http://www.system.adm.br/contact.php
>> >
>> > "How often must a question be asked before it's considered a
>> > frequently asked question?"
>> >
>>
>>
>>
>> --
>> Lincoln Zuljewic Silva
>> More contact info.: http://www.system.adm.br/contact.php
>>
>> "How often must a question be asked before it's considered a
>> frequently asked question?"
>>
>
>



-- 
Lincoln Zuljewic Silva
More contact info.: http://www.system.adm.br/contact.php

"How often must a question be asked before it’s considered a
frequently asked question?"