As far as I know, a RADIUS server is necessary for 802.1x.  Also, RADIUS is an 
excellent proven protocol that is widely adopted by many hardware vendors and 
as such most of the work has already been done by the RADIUS devs and the 
vendor.  To replicate this functionality in PF would take a lot of work and be 
very redundant.

In our installation we use RADIUS for the authentication of our users and for 
forwarding the necessary info to the PF server; we use the LDAP functionality 
for the captive portal authentication.  But we will soon be dropping the 
captive portal (at least changing to a splash page) when we transition to 
802.1x and thus be leaving LDAP behind altogether.  RADIUS will be the only PF 
service that talks to our LDAP, which should reduce overhead and speed up the 
authentication process.

As for FreeRADIUS documentation, the team places almost all of the docs INSIDE 
the config files (much like Apache).  But an excellent resource on the web is 
www.DeployingRADIUS.com; it is written by the team that develops FreeRADIUS 
and is the authoritative resource on the web.  Also the listserv is VERY 
active and can help you with most any problem.

***CAUTION***
The guys who run the listserv have very little patience. When you post a 
question to the list, be as descriptive as possible and include any 
troubleshooting you have done, try to post only a single question at a time, 
and ALWAYS include the debug output of your server.
***CAUTION***

Hope that helps.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221

From: Alberto Chavez [mailto:[email protected]]
Sent: Monday, October 17, 2011 8:50 AM
To: [email protected]
Subject: [Packetfence-users] freeRadius and OpenLDAP

Dear members of the community,
First I'd like to thank all the people who answered my last message. I never 
received the answers in my inbox, but I checked them in the archive.
I finally installed and configured PacketFence and FreeRADIUS.
While I was reading the PacketFence Administration Guide, I read that 
PacketFence can authenticate users via a flat file, an LDAP/AD Server, or 
RADIUS Server, and under the section FreeRADIUS Configuration, there are 3 
options: Authentication against Active Directory, Local Authentication and 
Authentication against LDAP, the last one being shown as "To be contributed...". 
I was wondering, why is it necessary to install and configure a RADIUS Server 
if PacketFence can directly authenticate against an LDAP Server? Is there any 
advantage of using a RADIUS Server? Does it add another layer of security? I 
know that the guide mentions that under some configurations a RADIUS Server is 
mandatory, and even if we do not plan to use it, it is recommended to install 
it; I'd like to know why.  Another thing: if somebody has configured 
FreeRADIUS against OpenLDAP, would it be possible to tell me where to find 
proper documentation in order to do it myself?
I am not expecting all of my questions to be answered, but I'd like to know if 
some of you can point me to the right place to start looking for my answers. 
Thank you so much for your support!
Alberto

P.S. Another thing, does somebody have an idea why I don't get the replies in 
my inbox? I can only read them through the archive.