On Fri, 17 May 2002, Allister Maguire wrote: > Hello, > > In the radiusd.conf file you have the choice of specifing what Modules > are used to: > > authorize { > preprocess > suffix > ldap > } > > And > > authenticate { > pam > } > > > Is it posible to authorize via Ldap (Active Directory, including all > radius attributes) and authenticate via Pam (Kerberos v, Windows 2000 > KDC)?
As for ldap i think yes. In any case it would be nice to know how well the ldap module cooperates with Active Directory. > > > Also is it posible to return a set of radius attribute/value-pair's from > a single ldap schema attribute? Eg: > > When I created our radius ldap schema, I only wanted to create ldap > attributes for radius attribute/value-pair's used to check eg: > "Called-Station-Id" etc. I created a generic ldap attribute called > radiusGenericReturn, this would hold a value (attribute/value-pair) > like: "Framed-Protocol=Framed, Framed-IP-Address=192.168.0.234, > Framed-IP-Netmask=255.255.255.0 ...", this would allow the addition of > any new radius attribute's with ease. > > Is this posible? Yes, see ldap.attrmap the $GENERIC$ attributes: checkItem $GENERIC$ radiusCheckItem replyItem $GENERIC$ radiusReplyItem It can only hold one attribute though: radiusReplyItem: Framed-IP-Netmask = 255.255.255.255 > > > Thanks > Allister Maguire > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html