Any way to implement privileges-granting as I configure in 'users'

luckydog xf luckydogxf at gmail.com
Fri Nov 17 10:15:15 CET 2017


Hello,

    Currently I'm using the 'users' file to authorize users for login on our
network devices, like switches.

   e.g.
  # /etc/raddb/users
......
h3c    Cleartext-Password := "netadmin"
       Service-Type = NAS-Prompt-User,
       Huawei-Exec-Privilege = "3",
       Login-Service = 50
......


But I want to integrate it with FreeIPA (which provides an LDAP service),
which brings the benefit of using one-time passwords (see this
https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7
)

Apparently it's easy to configure a user's account, but is there any way to
handle the privilege-related stuff like 'Huawei-Exec-Privilege = "3",' in
LDAP?

And by the way, how is the 'authenticate section' in 'site-enabled/default'
called? I'm a little bit confused. Can I say that the 'authenticate section' is
useless and would NEVER be called unless I add "Auth-Type:= FOO" in the
'authorize section'? I guess this from the comment in 'default'.

Thanks,

