On 08/09/2012 10:29 PM, Casho, Craig L wrote:
Basically, how does one go about configuring the radius server to
forward requests to the Red Hat LDAP server with these attributes.

This is way too vague, and your terminology is all wrong, which suggests you haven't read the docs and aren't familiar with FreeRADIUS.

If you want a more specific answer, please ask a more specific question.

However: there are several ways to accomplish what you want. Assuming that you have basic LDAP authentication (i.e. username/password checking) already working, the simplest and most common approach is to use LDAP groups. For example, in the "users" file you might put:

DEFAULT Ldap-Group == cisco-admin-users
        Cisco-AVPair += "shell:priv-lvl=15"

The other common approach is to define an LDAP attribute, and map this to the Cisco-AVPair reply item, then populate your LDAP entries appropriately. For example, you could add an LDAP entry:

dn: cn=username,ou=foo,o=bar
myCiscoVals: shell:priv-lvl=15

...and in "ldap.attrmap" add:

replyItem       Cisco-AVPair    myCiscoVals

There are lots and lots of ways of doing this, but these are the most common. I suggest you read the docs carefully. Set up a basic case and get it working, then tune it to your needs. My advice would be to put the FreeRADIUS config into version control, and check in your changes each time you have a working config. Make small changes and test, then check in.
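Added example (not part of the original message, and not FreeRADIUS code): with the attribute-mapping approach above, anyone who can write the mapped LDAP attribute decides who gets priv-lvl 15, so it is worth auditing a directory export against "ldap.attrmap". The function names and sample entries below are constructed for illustration; the input is assumed to be LDIF text such as an ldapsearch export.

```python
import base64
import re

# Constructed sample data: alice's value is folded, carol's is base64-encoded.
B64 = base64.b64encode(b"shell:priv-lvl=15").decode()
ATTRMAP = "replyItem       Cisco-AVPair    myCiscoVals\n"  # line from the message
LDIF = f"""\
dn: cn=alice,ou=foo,o=bar
myCiscoVals: shell:priv-
 lvl=15

dn: cn=bob,ou=foo,o=bar
myCiscoVals: shell:priv-lvl=1

dn: cn=carol,ou=foo,o=bar
myCiscoVals:: {B64}
"""

def mapped_ldap_attrs(attrmap_text, radius_attr="Cisco-AVPair"):
    """LDAP attributes that ldap.attrmap maps to radius_attr reply items."""
    rows = (ln.split("#", 1)[0].split() for ln in attrmap_text.splitlines())
    return {r[2].lower() for r in rows if len(r) >= 3
            and r[0].lower() == "replyitem" and r[1].lower() == radius_attr.lower()}

def parse_ldif(ldif_text):
    """Yield each entry as [(attr, value)], undoing line folding and base64."""
    unfolded = ldif_text.replace("\n ", "")  # a leading space continues a line
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        pairs = []
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if rest.startswith(":"):  # "attr:: <base64 value>"
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            pairs.append((name.lower(), rest.strip()))
        yield pairs

def privileged_entries(attrmap_text, ldif_text, min_level=15):
    """DN -> highest shell:priv-lvl granted ("=" or "*" form), if >= min_level."""
    attrs = mapped_ldap_attrs(attrmap_text)
    found = {}
    for pairs in parse_ldif(ldif_text):
        dn = dict(pairs).get("dn")
        levels = [int(m) for a, v in pairs if a in attrs
                  for m in re.findall(r"shell:priv-lvl[=*](\d+)", v)]
        if dn and levels and max(levels) >= min_level:
            found[dn] = max(levels)
    return found
```

A plain grep for "priv-lvl=15" over the same export would miss both alice (folded line) and carol (base64 value); diffing the result of privileged_entries between check-ins shows when a privileged entry appears.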