Discussion:
Freeradius ldap authentication sql authorization help!!
Jamie Crawford
2005-03-13 22:58:36 UTC
Hello,
To make it short, is it possible to authenticate users through ldap
(which I can do right now), but limit which ports they can login to (16)
on a port by port basis through sql with having to store their password
in the db or modifying my ldap schema?

Currently I have freeradius authenticating users through NIS and
authorizing users to port numbers with the users file. This works great
until the list starts changing daily on who can and cannot use ras.

I'm wondering if anyone has set up freeradius to authenticate through
ldap and authorize through a Postgres db. All the documentation that I
have read says that I need the user's username and password in the
database, or that I need to modify my ldap schema.

Thanks,
jamie





-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok
2005-03-14 02:10:35 UTC
Post by Jamie Crawford
I'm wondering if anyone has set up freeradius to authenticate through
ldap and authorize through a Postgres db.
Yes. I haven't done it myself, but FreeRADIUS is *designed* to have
that kind of flexibility.
Post by Jamie Crawford
All the documentation that I have read says that I need the user's
username and password in the database, or that I need to modify my
ldap schema.
If you're authorizing via SQL, your LDAP schema shouldn't need changes.

Alan DeKok.
Jamie Crawford
2005-03-14 17:40:50 UTC
" If you're authorizing via SQL, your LDAP schema shouldn't need
changes."

Alan DeKok.

Alan, thanks for the response!!! But if I'm authorizing through SQL, do
I have to have the user's password in the database? I was hoping to use
the db kind of like the users file. I have nas port numbers with
allowed users with only their username for authorization, if their
username isn't in the first port it falls through and so on, and if the
user isn't authorized for any of the ports, the user is denied access.
Is this possible?

thanks,
jamie
Post by Jamie Crawford
I'm wondering if anyone has set up freeradius to authenticate through
ldap and authorize through a Postgres db.
Yes. I haven't done it myself, but FreeRADIUS is *designed* to have
that kind of flexibility.
Post by Jamie Crawford
All the documentation that I have read says that I need the user's
username and password in the database, or that I need to modify my
ldap schema.
If you're authorizing via SQL, your LDAP schema shouldn't need
changes.

Alan DeKok.

Alan DeKok
2005-03-14 17:43:21 UTC
Post by Jamie Crawford
Alan, thanks for the response!!! But if I'm authorizing through SQL, do
I have to have the user's password in the database?
If you're using LDAP bind for authentication, no.

If, however, your users are using CHAP or MS-CHAP, then LDAP bind
won't work. The server MUST obtain its passwords somehow.
Post by Jamie Crawford
I was hoping to use the db kind of like the users file. I have nas
port numbers with allowed users with only their username for
authorization, if their username isn't in the first port it falls
through and so on, and if the user isn't authorized for any of the
ports, the user is denied access. Is this possible?
In the CVS head, the SQL module can do this.

Alan DeKok.
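
Added example, not part of the original thread and not FreeRADIUS code: a small Python model of the split discussed above, where authorization is a username-per-port lookup with no stored password, PAP is verified by an LDAP-style bind, and CHAP fails unless the server has a cleartext password from some other source. The sample data, the `cleartext_lookup` hook and all function names are assumptions for illustration; RADIUS packet encoding is omitted.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not taken from the thread).
DIRECTORY = {"jamie": "example-pass"}            # stands in for the LDAP server
PORT_ACL = {1: {"alice"}, 2: {"jamie", "bob"}}   # stands in for the SQL table: usernames only


def ldap_bind(user, password):
    """Stand-in for an LDAP simple bind: the directory answers yes/no and
    never hands the stored password back to the RADIUS server."""
    stored = DIRECTORY.get(user)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


def chap_response(chap_id, password, challenge):
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password.encode() + challenge).digest()


def authorize(req):
    """Port check by username alone; no password is stored or consulted."""
    return req["User-Name"] in PORT_ACL.get(req["NAS-Port"], set())


def authenticate(req, cleartext_lookup=None):
    if "User-Password" in req:
        # PAP: the server sees the cleartext and can replay it in a bind.
        return ldap_bind(req["User-Name"], req["User-Password"])
    if "CHAP-Password" in req:
        # CHAP: only ident + MD5 digest arrive, so there is nothing to bind
        # with. Verification needs the cleartext from some other source.
        known = cleartext_lookup(req["User-Name"]) if cleartext_lookup else None
        if known is None:
            return False
        ident, digest = req["CHAP-Password"][0], req["CHAP-Password"][1:]
        expected = chap_response(ident, known, req["CHAP-Challenge"])
        return hmac.compare_digest(expected, digest)
    return False


def handle(req, cleartext_lookup=None):
    ok = authorize(req) and authenticate(req, cleartext_lookup)
    return "Access-Accept" if ok else "Access-Reject"
```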
Cris Boisvert
2005-03-14 17:47:24 UTC
Anyone get mod_auth_radius running on Fedora Core 3 without recompiling
Apache.. Seeing as they don't send you the source compile info... Their the
apxs install won't work?

Thanx
Cris

