How to configure FreeRADIUS for Kerberos and LDAP
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Sat May 31 12:20:17 CEST 2014
On 31 May 2014, at 02:20, Brendan Kearney <bpk678 at gmail.com> wrote:
> i have put together a doc to assist in the configuration of FreeRADIUS
> to use Kerberos for authentication (AuthN) and LDAP for authorization
> (AuthZ).
Nice, thanks.
> I have modelled the configs after my environment, and taken
> into account the design and implementations choices i have made. others
> may have different needs, so some directives or values may need to be
> changed based on those needs. i make no guarantees that my configs will
> work in your environment.
>
> i have tried to use simple language, but be concise, precise and
> accurate. if points are ambiguous, lacking clarity or leave room for
> misinterpretation, please provide constructive feedback.
This sort of methodology:
• cp authorize authorize-$(date +”%b.%d.%Y”)-01
• cp authorize authorize-$(date +”%b.%d.%Y”)-02
Is quite outdated. The configuration should be kept under git version
control or similar, and git show/diff etc... used to examine sets of
changes.
Git can also be used as a management framework, for automatically pushing
new configurations out to clusters of servers. There are example
scripts for this in the scripts/ dir of the src.
But the rest of the doc looks ok. It'd be more useful on the wiki if anyone
feels like transcribing it.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140531/69257830/attachment.pgp>
More information about the Freeradius-Users
mailing list