How to configure FreeRADIUS for Kerberos and LDAP
bpk678 at gmail.com
Tue Jan 27 19:41:51 CET 2015
On Sat, 2014-05-31 at 11:20 +0100, Arran Cudbard-Bell wrote:
> On 31 May 2014, at 02:20, Brendan Kearney <bpk678 at gmail.com> wrote:
> > i have put together a doc to assist in the configuration of FreeRADIUS
> > to use Kerberos for authentication (AuthN) and LDAP for authorization
> > (AuthZ).
> Nice, thanks.
> > I have modelled the configs after my environment, and taken
> > into account the design and implementation choices i have made. others
> > may have different needs, so some directives or values may need to be
> > changed based on those needs. i make no guarantees that my configs will
> > work in your environment.
> > i have tried to use simple language, but be concise, precise and
> > accurate. if points are ambiguous, lacking clarity or leave room for
> > misinterpretation, please provide constructive feedback.
> This sort of methodology:
> • cp authorize authorize-$(date +"%b.%d.%Y")-01
> • cp authorize authorize-$(date +"%b.%d.%Y")-02
> Is quite outdated. The configuration should be kept under git version
> control or similar, and git show/diff etc... used to examine sets of
> Git can also be used as a management framework, for automatically pushing
> new configurations out to clusters of servers. There are example
> scripts for this in the scripts/ dir of the src.
> But the rest of the doc looks ok. It'd be more useful on the wiki if anyone
> feels like transcribing it.
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
updated version, includes steps to add schemas to LDAP, and now points
to LDAP for client definitions. Tested and found to be working on