Specific, complicated, detailed user rights possibility?

Alan DeKok aland at deployingradius.com
Fri Aug 28 14:49:39 CEST 2015


On Aug 28, 2015, at 8:02 AM, Mart Pirita <mart at e-positive.ee> wrote:
> But main idea is that ldap just does the authentication yes/no and that's it, nothing more.

  So... LDAP is an authentication server?

> Everything else (who can access and with what rights) is in the radius config only. Is this possible?

  And RADIUS contains that database of user rights?

  You can do that, but it's a bit backwards from the normal process.

> Same question, how to do it without ldap groups?

  You write down what you want, then implement it in unlang.  For RADIUS groups, see "man rlm_passwd".

  Alan DeKok.




More information about the Freeradius-Users mailing list