Authentication with ldap support
Marco Miglietta
marco.miglietta at unisalento.it
Tue Mar 30 12:25:30 CEST 2021
Thank you Alan. I hope in a short time to become a little expert with
freeradius while I try to solve daily problems.
I would like to use freeradius for authentication, and only to verify the
user's password against the one in the external ldap that I bind to.
Where do I have to operate, and what are the config files involved?
Do you have any suggestions ?
Thank you v.m.
Marco.
On 24/03/21 12:39, Alan DeKok wrote:
> On Mar 24, 2021, at 7:15 AM, Marco Miglietta <marco.miglietta at unisalento.it> wrote:
>> In order to solve the problem in passing VLAN related attribute during 802.1x authentication with Aruba AP, I found the post below useful.
>> But this caused problems with VLAN assignment on Juniper switches during the 802.1x authentication process.
>> What is a way to solve the problem? The solutions seem to be mutually exclusive.
> There is not a unique "the problem" which is being solved. Instead, there is a whole grab-bag of issues.
>
> IF you want to apply policies based on "real" name, THEN for PEAP / TTLS, that real name is only available in the inner tunnel. AND THEN you have to apply the policies in the inner tunnel, and then copy the results to the outer reply.
>
> IF you want to apply policies based on things like MAC addresses, THEN those addresses are always available (you don't need inner-tunnel). AND THEN you can just apply policies in the "default" outer virtual server.
>
> There is no "magic set of incantations" which will make FreeRADIUS do what you want. You have to understand what's going on, including understanding how FreeRADIUS works. And only then can you configure the server to do it.
>
> Alan DeKok.
--
More information about the Freeradius-Users mailing list