Hi, > I configured FreeRadius for Authentication with Active Directory by > following the steps as suggested by Alan's deployingradius.com. Everything > is working successfully like Samba, Kerberos, ntlm_auth configuration, I > can successfully join the domain as an administrator and also user can be > authenticated by their credentials successfully. Now I need one suggestion > here: Is there any way that administrator be able to read and write the > information about user's access privileges by joining the domain. Such as > users are allowed/denied for WIFi access, VPN access etc. I don't know > whether it is possible or not by confguring anything with > Samba/Kerberos/ntlm_auth/FreeRadius or should I need any other program to > obtain this goal.
currently, you are just doing authentication - you now need to think about authorization and policy - there are many ways of doing this - hints,huntgroups, SQL, external scripts using perl;python;ruby, unlang , LDAP attributes etc. you need to decided where you skills lie and what methods/facilities you have in place for checking... if you already have a DB for access info...then use that! :-) - you can then reject, set values, set return attributes etc via your chosen method. there are example, docs, wiki entries, config comments etc for this operation. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
