Any way to implement privileges-granting as I configure in 'users'
luckydog xf
luckydogxf at gmail.com
Fri Nov 17 10:15:15 CET 2017
Hello,
Currently I'm using the 'users' file to authorize users against login on our
network devices like switches.
e.g.
# /etc/raddb/users
......
h3c Cleartext-Password := "netadmin"
    Service-Type = NAS-Prompt-User,
    Huawei-Exec-Privilege = "3",
    Login-Service = 50
......
But I want to integrate it with FreeIPA (which provides an LDAP service),
which brings the benefit of using one-time-password (see this
https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7
)
Apparently it's easy to configure a user's account, but is there any way to
handle the privilege-related stuff like 'Huawei-Exec-Privilege = "3",' in
LDAP?
And by the way, how is 'authenticate section' in 'site-enabled/default'
called? I'm a little bit confused. Can I say that 'authenticate section' is
useless and would NEVER be called unless I add "Auth-Type:= FOO" in the
'authorize section'? I guess this from the comment of 'default'.
Thanks,
More information about the Freeradius-Users
mailing list