Freeradius 3.x with LDAP authentication

Matthew Newton matthew at newtoncomputing.co.uk
Mon Aug 14 23:42:22 CEST 2017


On Mon, Aug 14, 2017 at 05:15:43PM -0300, Adam Cage wrote:
> But we have to use LDAP authentication against an AD server, because in the
> near future we have to use the "ldap-group" attribute in order to group
> wifi users by SSID, and let them use different wifi networks.

You don't need to use LDAP to authenticate, just to check groups
the user is in.

With AD it's pretty unlikely that you will be able to use LDAP to
authenticate anyway. For wireless pretty much the only option
you've got is an LDAP bind when you're doing EAP-TTLS/PAP. Which
some clients can't do.

> Please confirm to me if I am ok or not, because maybe using your
> recommended configuration I can add the ldap-group attribute in order to
> select group of users by SSID.

Use Samba for authentication, then configure the ldap module for
authorization. They're not mutually exclusive.

-- 
Matthew
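
The split described in the reply above, sketched as an added FreeRADIUS 3.x configuration example (not part of the original message and not taken from the poster's setup). It assumes PEAP/MSCHAPv2 with a domain-joined Samba install, and that `rewrite_called_station_id` is enabled in the outer server so `Called-Station-SSID` is populated; the hostnames, DNs, SSID, group name and the ntlm_auth path are constructed placeholders.

```text
# mods-available/mschap: authentication goes through Samba's ntlm_auth.
# The ntlm_auth path is an assumption; adjust it for the local system.
mschap {
    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}

# mods-available/ldap: used only for group lookups, never for a user bind.
# Server, service account and base DN below are constructed placeholders.
ldap {
    server = 'ldaps://ad.example.org'
    identity = 'cn=radius-lookup,cn=Users,dc=example,dc=org'
    password = 'CHANGE_ME'
    base_dn = 'dc=example,dc=org'

    user {
        base_dn = "${..base_dn}"
        filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
    }
    group {
        base_dn = "${..base_dn}"
        filter = '(objectClass=group)'
        membership_attribute = 'memberOf'
    }
}

# sites-available/inner-tunnel: after mschap has authenticated the user,
# authorize by group membership for the SSID the client joined.
post-auth {
    if (&outer.request:Called-Station-SSID == "Staff-WiFi") {
        # The LDAP-Group comparison makes the ldap module look up membership.
        if (!(LDAP-Group == "cn=wifi-staff,ou=Groups,dc=example,dc=org")) {
            reject
        }
    }
}
```

The lookup account only needs read access to user and group objects, since no user password ever passes through the ldap module in this layout.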

