How to configure FreeRADIUS for Kerberos and LDAP

Arran Cudbard-Bell a.cudbardb at
Sat May 31 12:20:17 CEST 2014

On 31 May 2014, at 02:20, Brendan Kearney <bpk678 at> wrote:

> i have put together a doc to assist in the configuration of FreeRADIUS
> to use Kerberos for authentication (AuthN) and LDAP for authorization
> (AuthZ).

Nice, thanks.

>  I have modelled the configs after my environment, and taken
> into account the design and implementations choices i have made.  others
> may have different needs, so some directives or values may need to be
> changed based on those needs.  i make no guarantees that my configs will
> work in your environment.
> i have tried to use simple language, but be concise, precise and
> accurate.  if points are ambiguous, lacking clarity or leave room for
> misinterpretation, please provide constructive feedback.

This sort of methodology:

	•	cp authorize authorize-$(date +”%b.%d.%Y”)-01
	•	cp authorize authorize-$(date +”%b.%d.%Y”)-02

Is quite outdated. The configuration should be kept under git version
control or similar, and git show/diff etc... used to examine sets of

Git can also be used as a management framework, for automatically pushing
new configurations out to clusters of servers. There are example 
scripts for this in the scripts/ dir of the src.

But the rest of the doc looks ok. It'd be more useful on the wiki if anyone
feels like transcribing it.


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list