Radius Administration
Pardon my stupidity if this is the wrong forum to post this in, I don't know if this is an eDirectory or freeradius issue...
I have built a freeradius VM which backends into eDirectory (via LDAP) and everything seems to work perfectly.
The problem is ease of administration.
It appears that the plugins allow you to set Radius Attributes for specific users, or create a Radius Profile which you must then assign each user to.
However, I cannot seem to figure out how to assign Radius Attributes via Group Membership (group membership being the cornerstone of all network management!).
The reason this is an issue is that even with the plugins, I need to go to the "Other" page to assign the "radiusProfileDN" attribute. Any attempt to modify the attribute using the plugin results in some generic attribute error. I also do not want to go to each of the 2000 users I have and modify one attribute (please don't say use an LDIF file either, as this has to be stupid-simple for the other admins).
I also see that freeradius has the ability to query group membership, but the problem is that it assumes that the member attribute is only populated by the username, NOT the full context! Any attempt to modify the ldap filter for something like (member=cn=%{User-Name},*) fails.
There has to be a solution, but I have found VERY little about it on the internet.
Thanks
Bob