Authorization with Active Directory

suggestme samanaupadhyay at hotmail.com
Tue Jan 3 17:55:16 CET 2012


Hi,

I have configured a FreeRADIUS server to authenticate & authorize users with
the supplied username and password against Active Directory. At this
stage, the user can be authenticated and authorized successfully with the
credentials provided. For this purpose, the user is just authenticated and
authorized depending upon the filter of the LDAP module which I have set. My
LDAP module filter configuration is:

filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})" 

But now I want to go deeper on authenticating and authorizing users to allow
or reject VPN or Wifi access, etc. For this purpose I have created an extension
attribute in Active Directory and have assigned the value as "VPN", "Wifi",
etc. Now my question is: how can I set the filter in the LDAP module of
FreeRADIUS to just allow the users belonging to VPN or Wifi? Do I need
to add the extension attribute filter to the above-mentioned filter? Or
do I need to define 2 filters: the above one and another for the extension
attribute? I tried defining 2 filters separately; it didn't work.
 
I know some people use the concept of "Group" for this purpose. In my case,
I can't use Group. I have to authenticate and authorize the user using just
an Active Directory attribute.

I don't know whether this is the way to do it or not. Any idea would be really
helpful.

This forum has really helped a beginner like me a lot to reach
this stage.


Thanks everyone.



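Added example, not part of the original message: an LDAP search filter can AND several conditions inside one expression (RFC 4515), so the account-name test and the attribute test fit in a single filter string. The Python sketch below builds that string and evaluates it against constructed entries without contacting any directory. The attribute name `extensionAttribute1` and the helpers `escape`, `combined_filter`, `matches` and `allowed` are assumptions, since the post does not name its attribute.

```python
import re

# Assumption: the post does not name its extension attribute; this name is a placeholder.
ACCESS_ATTR = "extensionAttribute1"
# Username expansion copied from the filter quoted in the post.
USER_EXPANSION = "%{%{Stripped-User-Name}:-%{User-Name}}"

def escape(value):
    """Escape the RFC 4515 special characters in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def combined_filter(services, user=None):
    """One filter: the account name AND any one of the allowed service values."""
    if not services:
        raise ValueError("no service values: the filter would match on name alone")
    name = USER_EXPANSION if user is None else escape(user)
    terms = "".join("(%s=%s)" % (ACCESS_ATTR, escape(s)) for s in services)
    if len(services) > 1:
        terms = "(|%s)" % terms
    return "(&(sAMAccountName=%s)%s)" % (name, terms)

def matches(flt, entry):
    """Evaluate &, | and equality terms only; values compare case-insensitively."""
    def unescape(v):
        return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), v)
    def parse(pos):
        op = flt[pos + 1]
        if op in "&|":
            pos, results = pos + 2, []
            while flt[pos] == "(":
                ok, pos = parse(pos)
                results.append(ok)
            return (all(results) if op == "&" else any(results)), pos + 1
        end = flt.index(")", pos)
        attr, _, value = flt[pos + 1:end].partition("=")
        wanted = unescape(value).lower()
        return any(v.lower() == wanted for v in entry.get(attr, [])), end + 1
    return parse(0)[0]

# Constructed directory entries, not real accounts.
DIRECTORY = [
    {"sAMAccountName": ["alice"], ACCESS_ATTR: ["VPN"]},
    {"sAMAccountName": ["bob"], ACCESS_ATTR: ["Wifi"]},
    {"sAMAccountName": ["carol"]},
]

def allowed(user, services):
    # True when some entry satisfies the combined filter for this user.
    return any(matches(combined_filter(services, user), e) for e in DIRECTORY)
```

Called without a user, `combined_filter(["VPN"])` returns the filter with the post's `%{...}` expansion left in place as the account-name value.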


