Thanks for the clarification. It seems backward to me but maybe that
will become clearer as I work with it.
Either way I think I can work with it.
LB
[EMAIL PROTECTED] wrote:
I need to use radius to AUTHENTICATE users and then once they are
authenticated have it pass it over to and LDAP server for Authorization,
I believe this is possible with radius but if anyone has any experience
with this or good links for setting it up I would appreciate it.
Thanks,
LB
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius first does authorization (and pulls all the attributes, not
just password) and then authentication.
1. Configure ldap module in raddb/modules/ldap
2. Uncomment ldap in authorize section of the default virtual server
(raddb/sites-enabled/default)
3. Create auth type for krb authentication. Add:
Auth-Type Kerberos {
krb5
}
to *all* enabled virtual servers (all need to recognize the entry in
users file)
4. Add:
DEFAULT Auth-Type = Kerberos
to users file.
http://wiki.freeradius.org/index.php/Rlm_krb5
http://wiki.freeradius.org/index.php/Rlm_ldap
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
