On Fri, 17 May 2002, Allister Maguire wrote:

> Hello,
>
> In the radiusd.conf file you have the choice of specifying what Modules
> are used to:
>
> authorize {
>       preprocess
>       suffix
>       ldap
> }
>
> And
>
> authenticate {
>       pam
> }
>
>
> Is it possible to authorize via Ldap (Active Directory, including all
> radius attributes) and authenticate via Pam (Kerberos v, Windows 2000
> KDC)?

As for ldap I think yes. In any case it would be nice to know how well the ldap
module cooperates with Active Directory.

>
>
> Also is it possible to return a set of radius attribute/value-pairs from
> a single ldap schema attribute? Eg:
>
> When I created our radius ldap schema, I only wanted to create ldap
> attributes for radius attribute/value-pairs used to check eg:
> "Called-Station-Id" etc. I created a generic ldap attribute called
> radiusGenericReturn, this would hold a value (attribute/value-pair)
> like: "Framed-Protocol=Framed, Framed-IP-Address=192.168.0.234,
> Framed-IP-Netmask=255.255.255.0 ...", this would allow the addition of
> any new radius attributes with ease.
>
> Is this possible?

Yes, see the $GENERIC$ attributes in ldap.attrmap:

checkItem       $GENERIC$                       radiusCheckItem
replyItem       $GENERIC$                       radiusReplyItem

It can only hold one attribute though:

radiusReplyItem: Framed-IP-Netmask = 255.255.255.255

>
>
> Thanks
> Allister Maguire
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]      National Technical University of Athens, Greece
Work Phone:             +30 10 7721861
'Go back to the shadow' Gandalf
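
Because each radiusReplyItem value holds a single pair, a combined string like the one in the question has to be stored as several values of that attribute. The sketch below is an added example, not part of the original thread or of FreeRADIUS: it assumes the LDAP attribute is multi-valued in your schema, and the function names and the DN are hypothetical.

```python
import re

# One RADIUS pair as the thread writes it: "Name = value". Only a plain "="
# is accepted; other operator spellings are rejected rather than guessed at.
PAIR_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)\s*=\s*([^\s=~*].*)$")


def split_pairs(generic):
    """Split 'A=1, B="x, y"' on commas that are outside double quotes."""
    parts, buf, quoted = [], [], False
    for ch in generic:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    if quoted:
        raise ValueError("unterminated quote in %r" % generic)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def to_ldif(dn, generic, ldap_attr="radiusReplyItem"):
    """Return an LDIF modify record with one RADIUS pair per LDAP value."""
    lines = ["dn: " + dn, "changetype: modify", "replace: " + ldap_attr]
    for part in split_pairs(generic):
        m = PAIR_RE.match(part)
        # Refuse anything that is not a printable ASCII "Name = value" pair,
        # so a malformed entry never ends up as an authorization attribute.
        if not m or not part.isascii() or not part.isprintable():
            raise ValueError("not a single attribute/value pair: %r" % part)
        lines.append("%s: %s = %s" % (ldap_attr, m.group(1), m.group(2)))
    lines.append("-")
    return "\n".join(lines) + "\n"


# Sample input: the combined string from the question; the DN is a placeholder.
SAMPLE = ("Framed-Protocol=Framed, Framed-IP-Address=192.168.0.234, "
          "Framed-IP-Netmask=255.255.255.0")

if __name__ == "__main__":
    print(to_ldif("uid=example,ou=people,dc=example,dc=org", SAMPLE))
```

The output can be reviewed and then applied with an LDIF-capable tool such as ldapmodify; each emitted line has the same "Attribute = value" shape as the radiusReplyItem line shown in the reply.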

