openLDAP, freeRadius and firewall integration
M. selcuk karaca
selcuk.karaca at pardus.org.tr
Wed May 31 12:56:50 CEST 2017
I have an architectural question and I hope I will not destroy list rules.
We have an openLDAP server. And we want to integrate LDAP users to our
firewall. Our ultimate aim for integration is to apply FW policies
according to users. Currently we are applying policies according to IP.
Because openLDAP server does not provide us with accounting information
sent to the FW, we have employed a freeRadius server.
But we could not trigger freeRadius accounting packages by
authenticating our users with openLDAP server. So we have used
libpam-radius-auth package and directly authenticated users from freeRadius.
I want to ask whether this way is a logical one. Does this have any
negative effects, not recommended etc.?
What should be the correct architecture for authenticating our users
from openLDAP and provide Firewall integration for user based policies?
Thanks for your guidance.