Freeradius with LDAP and in second LDAP Authorization or Proxying
A.L.M.Buxey at lboro.ac.uk
Mon Mar 13 10:59:30 CET 2017
Hi,
> I have a problem with the setup I have to do.
> We have two types of customers (managed and unmanaged). In our setup we
> get all access-requests to the same radius server.
> In this radius server we then have to decide if we have to proxy the
> request (unmanaged customer) or authorize against our
> LDAP server (unmanaged customer).
> The information if the customer is managed/unmanaged along with proxy
> and user information is in the same ldap and I have
> to query it first for deciding what to do.
> Is such a setup possible with freeradius?
>
> My specs:
> Ubuntu 16.04
> FreeRADIUS Version 2.2.8 (2.2.8+dfsg-0.1build2 from apt)
>
> The basic setup with authorization/authentication against the ldap is
> running very well, but the extension with the unmanaged
> customers gives me a headache. I need help to find the right direction to run.

so you authorize already? if so, what LDAP attribute (group etc) can you use to distinguish
the 2 types? just use that as the basis for unlang

in authorize {}, just after ldap, you can do eg

    # LDAP-Group is a comparison attribute from the ldap module, so it is
    # referenced by name here rather than expanded with %{...}
    if (LDAP-Group == "unmanaged") {
        update control {
            # must match a realm defined in proxy.conf
            Proxy-to-Realm := unmanaged
        }
        # set the return code of this block to "updated"
        updated
    }

and then in proxy.conf set up an 'unmanaged' server group to send the request to.

note, none of the above is validated/error-free/tested, there's probably at least a few syntax errors but it
will give you the fundamental idea...

alan
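
The proxy.conf side of the suggestion above, as an added example in FreeRADIUS 2.x syntax; it is not part of the original message. The home server name, pool name, address (documentation range) and secret are placeholders to be replaced with the unmanaged customer's real values.

```conf
# proxy.conf (FreeRADIUS 2.x) -- constructed example, all values are placeholders

# Upstream RADIUS server that handles the unmanaged customers.
home_server unmanaged_hs1 {
    type = auth
    ipaddr = 192.0.2.10          # placeholder address
    port = 1812
    # Use a long random secret unique to this link; never reuse a NAS secret.
    secret = REPLACE_WITH_LONG_RANDOM_SECRET

    # Detect a dead upstream instead of silently dropping user logins.
    response_window = 20
    zombie_period = 40
    status_check = status-server
    check_interval = 30
    num_answers_to_alive = 3
}

# The "server group" the reply refers to. Add more home_server lines
# here to get fail-over between several upstream servers.
home_server_pool unmanaged_pool {
    type = fail-over
    home_server = unmanaged_hs1
}

# Realm name must match the value assigned to Proxy-To-Realm in authorize {}.
realm unmanaged {
    auth_pool = unmanaged_pool
    # The realm is chosen from LDAP, not from the User-Name, so leave
    # the User-Name untouched when forwarding.
    nostrip
}
```

Running the server in debug mode (radiusd -X) shows whether a request matched the LDAP group check and was handed to the unmanaged realm or was authenticated locally.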