[RADIATOR] Converting from using a plaintext users file, to using LDAP
Hugh Irvine
hugh at open.com.au
Wed Sep 25 12:13:24 CDT 2013
Hello Elvind -
Yes your approach will also work - I misunderstood your original question and thought you wanted to retain the AuthBy FILE component.
The AuthBy FILE part would only be to hold the "group" reply attributes, which as you say can also be done with AddToReply in the simple case.
regards
Hugh
On 25 Sep 2013, at 10:11, "Eivind Olsen" <eivind at aminor.no> wrote:
> Hugh Irvine wrote:
>> Yes this is fairly simple to do with multiple AuthBy clauses - in this
>> case with a trailing AuthBy FILE to set the required reply attributes.
>
> My plan is to avoid the entire AuthBy FILE, if I can, so whoever is
> provisioning these users won't have to also edit a file, adding the users
> to the groups in LDAP should be sufficient. And if we need to make new
> levels of user access / giving special attributes to some, we'll add a new
> group and do a small change in radiusd.cfg
>
> I'll add the attributes with AddToReply, in the specific AuthBy block, and
> won't need to use an AuthBy FILE then?
>
> Regards
> Eivind Olsen
>
>
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc.
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list