
Radius Authentication for Management

Hi Guys,

I'm trying to use FreeRADIUS together with OpenLDAP to authenticate admin & operator to access the different management consoles of a cluster of 5000 appliances.

On the Gaia Portal, the authentication works but the users don't receive the correct rights. The configuration is as follows:

On Gaia Portal, I created 2 roles:

 - radius-group-AdminSecurity (Full Read/Write Access)

 - radius-group-any (Full ReadOnly Access)

In OpenLDAP, I created a group:

ldapsearch -D "cn=Manager,dc=example,dc=com" -b "dc=example,dc=com" -ZZ -W -LLL "(cn=AdminSecurity)"
Enter LDAP Password:
dn: cn=AdminSecurity,ou=Group,dc=bcp-bank,dc=net
objectClass: posixGroup
objectClass: top
gidNumber: 4171
description: Security Administrator
cn: AdminSecurity
memberUid: my.user

In FreeRADIUS, I created the following configuration:

 - Load dictionary.checkpoint with the following configuration:

      VENDOR          CheckPoint                      2620

      BEGIN-VENDOR    CheckPoint

      ATTRIBUTE       CP-Gaia-User-Role                       229     string
      ATTRIBUTE       CP-Gaia-SuperUser-Access                230     integer

      END-VENDOR      CheckPoint

 - In the users configuration file, added the following:

      DEFAULT        LDAP-Group := 'AdminSecurity'
                            CP-Gaia-User-Role = RADIUS-P1-ADMIN,
                            CP-Gaia-SuperUser-Access = 1

As I said earlier, the authentication works, but I'm always logged in with the radius-group-any rights.

What should I change to have users belonging to the AdminSecurity group logged in with the radius-group-AdminSecurity rights?

Thanks a lot for your support.

Jean-Christophe
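
Added example, not part of the original post and not FreeRADIUS or Check Point code: a small Python check for users-file entries shaped like the one above. It relies on the FreeRADIUS users-file operator rules, under which `=`, `:=` and `+=` in the check list assign a value and always match, while `==` compares; the function names, the attribute list and the sample text are constructed for illustration.

```python
import re

# Attributes meant to be compared, never assigned (assumed list; extend for your site).
MEMBERSHIP_ATTRS = {"LDAP-Group", "Group", "Huntgroup-Name"}
# In a check list these operators set a value instead of testing it, so they always match.
ASSIGN_OPS = {"=", ":=", "+="}
ITEM_RE = re.compile(
    r"""([\w-]+)\s*(:=|\+=|==|!=|<=|>=|=~|!~|=)\s*('[^']*'|"[^"]*"|[^,\s]+)""")

# Constructed sample: the entry shape from the post, then the same test written with ==.
SAMPLE = """\
DEFAULT        LDAP-Group := 'AdminSecurity'
               CP-Gaia-User-Role = RADIUS-P1-ADMIN,
               CP-Gaia-SuperUser-Access = 1

DEFAULT        LDAP-Group == 'AdminSecurity'
               CP-Gaia-SuperUser-Access = 1
"""

def parse_users(text):
    """Return [name, check_items, reply_items] per entry; items are (attr, op, value)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # naive comment strip (no '#' in values)
        if not line.strip():
            continue
        if raw[0].isspace():                    # indented line: reply items
            if entries:
                entries[-1][2].extend(ITEM_RE.findall(line))
        else:                                   # header line: name, then check items
            parts = line.split(None, 1)
            checks = ITEM_RE.findall(parts[1]) if len(parts) > 1 else []
            entries.append([parts[0], checks, []])
    return entries

def lint(text):
    """Flag entries whose group test is written as an assignment."""
    findings = []
    for name, checks, replies in parse_users(text):
        for attr, op, value in checks:
            if attr in MEMBERSHIP_ATTRS and op in ASSIGN_OPS:
                findings.append({
                    "entry": name,
                    "check": f"{attr} {op} {value}",
                    # reply items this entry hands out without testing the group
                    "ungated_reply": [f"{a} {o} {v}" for a, o, v in replies],
                })
    return findings

if __name__ == "__main__":
    for f in lint(SAMPLE):
        print(f)
```

Only the first sample entry is reported; the `ungated_reply` field lists the reply attributes that entry returns without the group membership being tested.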


Re: Radius Authentication for Management

I'm pretty sure the same applies to this as was discussed in this post

Regards, Maarten