Is it possible for FreeRadius to perform grouping after Kerberos
authentication accepted?

My company has many switches and servers and we use kerberos 5 for
RADIUS authentication. Once the user is authenticated, RADIUS will check
and decide if this user can access the switches or particular servers
(i.e. Allow telnet to the switch if the user belongs to the 'switch
administrator' group).

I've looked in the huntgroup file but it seems to require a lot of works
for a very large company (5000+ users), and the problem is we can't
touch the Kerberos server.

Any help would be appreciated. Thank you


List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to