> I currently have FreeRADIUS setup to authenticate users against Active
> Directory and the local users file. Now I want to use it as the RADIUS
> server for my Extreme network switches. My hope is to be able to use the
> Active Directory accounts to authenticate the users to the switch via
> FreeRADIUS.
>
> After doing some research I see that I need to return the radiusServiceType
> attribute to the Extreme switch. My understanding is that this will have
> to reside in the LDAP schema/database, correct? If this is correct, to
> extend the AD schema, I need an OID for the radiusServiceType attribute
> that needs to be unique. I have been unable to find what the X.500 OID for
> this attribute is. Anyone know this?

From the RADIUS-LDAPv3.schema

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.32
     NAME 'radiusServiceType'
     DESC ''
     EQUALITY caseIgnoreIA5Match
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
     SINGLE-VALUE
   )

Or you can use private numbers. Here is a link to a page about extending
schemas with openldap.

http://www.openldap.org/doc/admin21/schema.html#Extending%20Schema

> Is there another way to do this that I am missing? I know I can use the
> users file, but that is not ideal as it is another place that passwords
> have to be managed and I cannot enforce password policies easily this way.
>
> Any guidance would be greatly appreciated.
>
> Thanks,
> Mark Capelle