Authentication with orbit LDAP and freeradius3

  • Install FreeRADIUS 3 and the freeradius-ldap package.
  • Only the following files need to be touched:
    • symlink mods-available/ldap to mods-enabled/ldap
    • edit mods-enabled/ldap
    • edit sites-enabled/default
    • edit sites-enabled/inner-tunnel
  • The ldap module controls the mapping of RADIUS attributes to LDAP ones.
  • The post-auth section of sites-enabled/default sets the policy.
  • Send a semicolon-separated list of groups to pfSense:
    foreach &control:Ldap-Group {
        update reply {
            Class += "%{Foreach-Variable-0};"
        }
    }
    
  • Set the allowed groups:
    # allow only users in the following groups to authorize
    if (LDAP-Group == sysadmin) {
        noop
    }
    elsif (LDAP-Group == vpnuser) {
        noop
    }
    else {
        reject
    }
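
The two snippets above, placed together in one post-auth section, with the group settings in mods-enabled/ldap that they depend on. This is an added example, not the original wiki's configuration: the base DN, object class and membership filter are placeholders for a posixGroup-style directory, and running the allow-list check before the foreach is a choice made here.

```unlang
# mods-enabled/ldap (excerpt; server, identity and user {} stay as configured)
ldap {
    base_dn = 'dc=example,dc=org'            # placeholder

    group {
        base_dn           = "ou=groups,${..base_dn}"   # placeholder layout
        filter            = '(objectClass=posixGroup)' # assumed schema
        name_attribute    = cn
        membership_filter = "(memberUid=%{%{Stripped-User-Name}:-%{User-Name}})"

        # Ships as 'no'. With 'yes', the module looks up all of the
        # user's groups when it runs in authorize and stores the names in
        # control:LDAP-Group, which is the list the foreach below walks.
        cacheable_name    = 'yes'
    }
}

# sites-enabled/default (excerpt; repeat in sites-enabled/inner-tunnel
# if the inner EAP tunnel is where users are authorized)
authorize {
    # ... existing modules ...
    ldap
}

post-auth {
    # Allow-list first: a user outside both groups is rejected before
    # any group names are copied into the reply.
    if (LDAP-Group == "sysadmin" || LDAP-Group == "vpnuser") {
        noop
    }
    else {
        reject
    }

    # One Class value per cached group, each terminated by ';'.
    foreach &control:LDAP-Group {
        update reply {
            Class += "%{Foreach-Variable-0};"
        }
    }
}
```

Running the server in debug mode (`radiusd -X`, or `freeradius -X` on Debian-based systems) shows whether control:LDAP-Group was populated and which Class values end up in the Access-Accept.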
    
Last modified on Aug 12, 2019, 10:16:40 PM