| | 1 | == Authentication with orbit LDAP and freeradius3 == |
| | 2 | |
| | 3 | * install freeradius 3 and the freeradius-ldap module package (the ldap module used below ships separately) |
| | 4 | * we'll only touch the following files: |
| | 5 | * symlink mods-available/ldap to mods-enabled/ldap (this is what enables the ldap module) |
| | 6 | * edit mods-enabled/ldap |
| | 7 | * edit sites-enabled/default |
| | 8 | * edit sites-enabled/inner-tunnel |
| | 9 | |
| | 10 | * mods-enabled/ldap controls how RADIUS attributes are mapped to LDAP attributes, and its group settings are what the LDAP-Group checks below rely on |
| | 11 | * the post-auth section of sites-enabled/default sets the policy, i.e. what is returned to pfSense once authentication has succeeded |
| | 12 | |
| | 13 | * send a semicolon-separated list of the user's LDAP groups to pfSense in the Class reply attribute (goes in post-auth; pfSense matches these names against its own groups, so the names must agree exactly) |
| | 14 | {{{ |
| | 15 | |
# Build the Class reply attribute that pfSense reads for group membership:
# one entry per LDAP group the user belongs to, each terminated by ";".
# &control:LDAP-Group must already hold the user's groups at this point; the
# ldap module only caches them there when group caching is enabled in
# mods-enabled/ldap (group { cacheable_name = yes }) — confirm against that file.
# NOTE(review): whatever group names land here are what pfSense maps onto its
# own groups, so the authorize-time group check is what limits who gets this far.
foreach &control:LDAP-Group {
	update reply {
		&Class += "%{Foreach-Variable-0};"
	}
}
| | 21 | }}} |
| | 22 | * set allowed groups: reject anyone who is not a member of one of the listed groups. Put this in the authorize section after the ldap module call; if clients authenticate with PEAP/EAP-TTLS, add the same check to sites-enabled/inner-tunnel, since that is where the inner (real) identity is authenticated. |
| | 23 | {{{ |
# Allow only members of the groups below to authorize; everyone else gets
# Access-Reject. NOTE(review): LDAP-Group is resolved by the ldap module, so
# this belongs in authorize after the ldap call — and for PEAP/TTLS clients in
# inner-tunnel as well, where the inner identity is actually checked; confirm
# against sites-enabled/default and inner-tunnel.
if (LDAP-Group == sysadmin) {
	# member of sysadmin: leave the authorize result as it is
	noop
}
elsif (LDAP-Group == vpnuser) {
	# member of vpnuser: leave the authorize result as it is
	noop
}
else {
	# not in any allowed group: stop processing here with a reject
	reject
}
| | 34 | }}} |