Can't figure out Group Authentication

NdK ndk.clanbo at gmail.com
Tue Jun 26 11:36:15 CEST 2012


On 22/06/2012 17:32, Julson, Jim wrote:

> Now, the problem is this.  Following Alan DeKok's guide at http://deployingradius.com/documents/configuration/active_directory.html, I was able to get FreeRADIUS 2.X running on CentOS 6.2 with pretty minimal effort.  There were a few things I had to go elsewhere to figure out, but I managed.  I have FreeRADIUS set up and authenticating using NTLM_AUTH.  I was able to join my AD 2008 R2 Domain, I can list users, groups, etc. This RADIUS server will be for authenticating users on all of our Cisco devices, as well as remote access VPN users.  So the problem is this.  It's authenticating...a little too well.

Why not add a "default group" var (to be overridden for specific
clients) and pass it to ntlm_auth in "--require-membership-of="
parameter? That way you can filter who can authenticate from any NAS.
And IIUC huntgroups, you can even define groups of clients...

Please correct me if I'm wrong.

BYtE,
 Diego.
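
One way the suggestion above could be laid out in FreeRADIUS 2.x, as an added example that is not part of the original message or of the FreeRADIUS distribution. The ntlm_auth path, the NAS address 192.0.2.10, the SID placeholders and the use of Tmp-String-0 as the "default group" variable are all assumptions.

```conf
# --- sites-enabled/default -------------------------------------------
authorize {
    preprocess

    # "Default group": every NAS requires membership of this AD group
    # unless a more specific rule below overrides it.
    # SID-OF-DEFAULT-GROUP is a placeholder for the group's real SID.
    update control {
        Tmp-String-0 := "SID-OF-DEFAULT-GROUP"
    }

    # Per-client override (constructed address): logins arriving from
    # this NAS must be in a different, narrower group.
    if (NAS-IP-Address == 192.0.2.10) {
        update control {
            Tmp-String-0 := "SID-OF-NETWORK-ADMINS-GROUP"
        }
    }

    mschap
    # ... rest of the authorize section unchanged ...
}

# --- modules/mschap --------------------------------------------------
mschap {
    # Before: any account whose credentials AD accepts is authenticated.
    # ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

    # After: winbind also checks that the user is in the group chosen
    # in authorize; ntlm_auth fails the request if it is not.
    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --require-membership-of=%{control:Tmp-String-0} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
```

Using the group's SID rather than DOMAIN\name avoids backslash and space quoting inside the FreeRADIUS string. If ntlm_auth is also called from an exec module for PAP logins, the same option has to be added to that program line, otherwise that path stays unrestricted.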

