documentation and project organization (Was: Using LDAP with EAP-TLS)

Alan DeKok aland at deployingradius.com
Tue May 17 09:30:50 CEST 2011


Gary Gatten wrote:
> Good point about configuring multiple things at once - but that is a "recipe" - right? Several ingredients that make a tasty cake?

  Yes.  It should be done as a recipe with multiple steps.  See
http://deployingradius.com for examples.

> I think it would be a pretty common deployment scenario: lots of people have Cisco and AD, and want to auth their Cisco admins / VTY access against AD.  We used this exact scenario as a basic starting point with FR (and I've noticed others on here do the same) before moving on to more complicated setups.

  Sure.

  But the layout should be:

(1) configuring Active Directory
(2) group checking via AD
(3) configuring FR to do VTY access
    *independent* of anything else!
(4) Using steps 1-3 to create a combined configuration

  I've seen too many guides which put all of 1-4 into one guide.  The
result is that anyone doing something a *little* bit different is lost.

  For your suggested doc, it should be easy.  (1) and (2) exist already.
 Just refer to them.  Then, create a simple doc for (3), using the
"users" file as an example, with local password and no group checking.
Then, write (4) showing how you've changed the "users" file entry from
(3) to use the features of (1) and (2).

  Each step should be no more than a page or so of text, with
configuration file examples, instructions on what to type, and
explanations as to what it all means.

  Again, the deployingradius.com docs should be used as an example of
layout and style.  In the last 6 years, the only complaints about those
docs have been (1) typos, and (2) people who didn't follow the steps
correctly.

  Alan DeKok.


