ldap+freeradius

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Fri Nov 11 14:41:33 CET 2011


Hi,

>    I configured FreeRadius for Authentication with Active Directory by
>    following the steps as suggested by Alan's deployingradius.com. Everything
>    is working successfully like Samba, Kerberos, ntlm_auth configuration, I
>    can successfully join the domain as an administrator and also user can be
>    authenticated by their credentials successfully. Now I need one suggestion
>    here: Is there any way that administrator be able to read and write the
>    information about user's access privileges by joining the domain. Such as
>    users are allowed/denied for WIFi access, VPN access etc. I don't know
>    whether it is possible or not by confguring anything with
>    Samba/Kerberos/ntlm_auth/FreeRadius or should I need any other program to
>    obtain this goal.

currently, you are just doing authentication - you now need to think about authorization
and policy - there are many ways of doing this - hints,huntgroups, SQL, external scripts
using perl;python;ruby, unlang , LDAP attributes etc. you need to decided where you skills
lie and what methods/facilities you have in place for checking... if you already
have a DB for access info...then use that! :-)  - you can then reject, set values, set return
attributes etc via your chosen method.  there are example, docs, wiki entries, config
comments etc for this operation.

alan



More information about the Freeradius-Users mailing list