openLDAP, freeRadius and firewall integration
aland at deployingradius.com
Wed May 31 19:07:18 CEST 2017
On May 31, 2017, at 6:56 AM, M. selcuk karaca <selcuk.karaca at pardus.org.tr> wrote:
> We have an openLDAP server. And we want to integrate LDAP users to our firewall. Our ultimate aim for integration is to apply FW policies according to users. Currently we are applying policies according to IP addresses.
That's largely how firewalls work... applying rules by users is a bit more difficult.
> Because openLDAP server does not provide us with accounting information sent to the FW, we have employed a freeRadius server.
FreeRADIUS doesn't generate accounting records. It receives accounting records from a NAS or firewall.
> But we could not trigger freeRadius accounting packages by authenticating our users with openLDAP server.
Because OpenLDAP doesn't generate accounting packets.
> So we have used libpam-radius-auth package and directly authenticated users from freeRadius.
Which does some accounting...
> I want to ask whether this way is a logical one. Does this have any negative effects, is it not recommended, etc.?
> What should be the correct architecture for authenticating our users from openLDAP and providing firewall integration for user-based policies?
I'm not even sure what you want to do.
Your question isn't clear that you understand how firewalls work, how LDAP works, and how RADIUS works.
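As an added illustration of the point above (not code from this thread or from FreeRADIUS itself): the accounting record a NAS or firewall sends is a RADIUS Accounting-Request (RFC 2866), and the receiving server checks its Request Authenticator against the shared secret before trusting the user-to-IP mapping it carries. The shared secret, user name, IP address and session id below are constructed sample values.

```python
import hashlib
import struct

# Constructed sample values: the shared secret and NAS/firewall details are hypothetical.
SECRET = b"example-shared-secret"
ACCT_REQUEST = 4
ACCT_STATUS_TYPE, USER_NAME, FRAMED_IP, ACCT_SESSION_ID = 40, 1, 8, 44
ACCT_START = 1

def attr(atype, value):
    """Encode one RADIUS attribute as Type, Length, Value (RFC 2865 section 5)."""
    return struct.pack("!BB", atype, 2 + len(value)) + value

def build_accounting_start(ident, user, ip, session_id, secret=SECRET):
    """Build an Accounting-Request (Start) as a NAS or firewall would send it.
    Request Authenticator = MD5(Code+ID+Length+16 zero octets+Attributes+Secret)."""
    attrs = (attr(ACCT_STATUS_TYPE, struct.pack("!I", ACCT_START))
             + attr(USER_NAME, user.encode())
             + attr(FRAMED_IP, bytes(int(o) for o in ip.split(".")))
             + attr(ACCT_SESSION_ID, session_id.encode()))
    length = 20 + len(attrs)
    header = struct.pack("!BBH", ACCT_REQUEST, ident, length)
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs

def parse_accounting(packet, secret=SECRET):
    """What the RADIUS server does on receipt: verify the Request Authenticator
    with the shared secret (rejecting forged or altered records), then extract user/IP."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or length != len(packet):
        return None
    header, authenticator, attrs = packet[:4], packet[4:20], packet[20:length]
    if hashlib.md5(header + bytes(16) + attrs + secret).digest() != authenticator:
        return None  # wrong secret or tampered packet: do not act on it
    fields, pos = {}, 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            return None  # malformed attribute
        value = attrs[pos + 2:pos + alen]
        if atype == USER_NAME:
            fields["user"] = value.decode()
        elif atype == FRAMED_IP:
            fields["ip"] = ".".join(str(b) for b in value)
        elif atype == ACCT_STATUS_TYPE:
            fields["status"] = "Start" if struct.unpack("!I", value)[0] == ACCT_START else "other"
        pos += alen
    return fields
```

Only a record that verifies against the shared secret should be used to update a user-based firewall policy; a record that fails verification is dropped.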