> Hello, so for the BASIC question! First, are there any docs that explain
> the concepts of how all the various pieces of FR tie together?

Read the debug - it will tell you what the server does when it starts and when it processes the request.

> We have various environments that need to authenticate and authorize
> using FR: VPN connections with something like (if member of "VPNGroup"
> then permit, else deny); vty login to network gear with (if member of
> "NetEngGroup" then permit, else deny); and 802.1x with dynamic VLAN
> assignment. I plan to use ntlm_auth for all of these to hit AD on the
> backend.
>
> The problem I'm having is grasping how I can do this? Do I need
> separate instances of FR?

No.

> A bunch of "if then/else" clauses somewhere?

Yes, see man unlang. Configure AD in the ldap module and use Ldap-Group to test membership.

> How does FR know what type of auth is required?

If you configure the ntlm_auth statement in the mschap module it will use it. Read the AD integration guide:

http://deployingradius.com/documents/configuration/active_directory.html

Ivan Kalik
Kalik Informatika ISP
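
The reply above points to unlang and Ldap-Group; the following sketch is an added example, not part of the original message, showing how one server instance can apply all three policies from the question. The NAS addresses, the "StaffGroup" name and the VLAN ID are constructed placeholders, and the fragment assumes the ldap module is already configured against AD and loaded, and that it is placed in the virtual server that sees the real user name.

```unlang
# Added example: one post-auth section, three policies keyed on the NAS.
# Addresses, "StaffGroup" and VLAN 20 are constructed placeholders.
post-auth {
	# VPN concentrator: permit only members of VPNGroup
	if (NAS-IP-Address == 192.0.2.10) {
		if (!(Ldap-Group == "VPNGroup")) {
			reject
		}
	}
	# vty login to network gear: permit only members of NetEngGroup
	elsif (NAS-IP-Address == 192.0.2.20) {
		if (!(Ldap-Group == "NetEngGroup")) {
			reject
		}
	}
	# 802.1X switch ports: assign a VLAN based on group membership
	elsif (NAS-Port-Type == Ethernet) {
		if (Ldap-Group == "StaffGroup") {
			update reply {
				Tunnel-Type := VLAN
				Tunnel-Medium-Type := IEEE-802
				Tunnel-Private-Group-Id := "20"
			}
		}
		else {
			# No matching group: fail closed rather than fall
			# through to the port's default VLAN
			reject
		}
	}
	# Requests from any other NAS are not covered by a policy
	else {
		reject
	}
}
```

Running the server in debug mode, as the reply suggests, shows which branch each request takes and the result of every Ldap-Group comparison.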

