Radius Authentication for Management
Hi Guys,
I'm trying to use FreeRADIUS together with OpenLDAP to authenticate admins and operators accessing the different management consoles of a cluster of 5000 appliances.
On the Gaia Portal, the authentication works but the user doesn't receive the correct rights. The configuration is as follows:
On the Gaia Portal, I created 2 roles:
- radius-group-AdminSecurity (Full Read/Write Access)
- radius-group-any (Full ReadOnly Access)
In Openldap, I created a group:
ldapsearch -D "cn=Manager,dc=example,dc=com" -b "dc=example,dc=com" -ZZ -W -LLL "(cn=AdminSecurity)"
Enter LDAP Password:
dn: cn=AdminSecurity,ou=Group,dc=bcp-bank,dc=net
objectClass: posixGroup
objectClass: top
gidNumber: 4171
description: Security Administrator
cn: AdminSecurity
memberUid: my.user
In FreeRADIUS, I created the following configuration:
- Load dictionary.checkpoint with the following configuration:
VENDOR CheckPoint 2620
BEGIN-VENDOR CheckPoint
ATTRIBUTE CP-Gaia-User-Role 229 string
ATTRIBUTE CP-Gaia-SuperUser-Access 230 integer
END-VENDOR CheckPoint
- In the users configuration file, added the following:
DEFAULT LDAP-Group := 'AdminSecurity'
        CP-Gaia-User-Role = RADIUS-P1-ADMIN,
        CP-Gaia-SuperUser-Access = 1
As I said earlier, the authentication works, but I'm always logged in with the radius-group-any rights.
What should I change so that users belonging to the AdminSecurity group are logged in with the radius-group-AdminSecurity rights?
Thanks a lot for your support.
Jean-Christophe
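Added example (editor's code, not from the poster or from Check Point or FreeRADIUS): a small Python script that encodes the two Check Point vendor-specific attributes from the dictionary above exactly as they would travel inside a RADIUS Access-Accept (attribute 26, vendor 2620, sub-attributes 229 and 230), decodes them back, and checks whether the returned role name exactly matches one of the roles defined on the Gaia Portal in the post. The role list and the two sample replies are constructed from the post; the assumption that Gaia requires an exact, case-sensitive match between CP-Gaia-User-Role and a role name is labelled as such in the code.

```python
import struct

# Values taken from dictionary.checkpoint as quoted in the post
VENDOR_CHECKPOINT = 2620
VSA_TYPE = 26                     # RFC 2865 Vendor-Specific attribute
CP_GAIA_USER_ROLE = 229           # string
CP_GAIA_SUPERUSER_ACCESS = 230    # integer

# Roles the poster created on the Gaia Portal (constructed from the post)
GAIA_ROLES = {"radius-group-AdminSecurity", "radius-group-any"}


def encode_vsa(vendor_type, value):
    """Encode one Check Point VSA in the common RFC 2865 vendor format:
    26 | len | vendor-id(4) | vendor-type(1) | vendor-len(1) | value."""
    if isinstance(value, int):
        payload = struct.pack("!I", value)          # RADIUS integers are 32-bit big-endian
    else:
        payload = value.encode("utf-8")
    sub = struct.pack("!BB", vendor_type, 2 + len(payload)) + payload
    body = struct.pack("!I", VENDOR_CHECKPOINT) + sub
    return struct.pack("!BB", VSA_TYPE, 2 + len(body)) + body


def decode_attributes(data):
    """Walk a RADIUS attribute list and return tuples
    (type, vendor_id, vendor_type, payload); non-VSA attributes get vendor None."""
    out = []
    i = 0
    while i < len(data):
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed RADIUS attribute length")
        value = data[i + 2:i + length]
        if attr_type == VSA_TYPE:
            vendor = struct.unpack("!I", value[:4])[0]
            j = 4
            while j < len(value):
                vt, vl = value[j], value[j + 1]
                if vl < 2 or j + vl > len(value):
                    raise ValueError("malformed VSA sub-attribute length")
                out.append((attr_type, vendor, vt, value[j + 2:j + vl]))
                j += vl
        else:
            out.append((attr_type, None, None, value))
        i += length
    return out


def gaia_role_from_reply(attrs):
    """Pull CP-Gaia-User-Role and CP-Gaia-SuperUser-Access out of decoded attributes."""
    result = {"role": None, "superuser": None}
    for attr_type, vendor, vt, payload in attrs:
        if attr_type == VSA_TYPE and vendor == VENDOR_CHECKPOINT:
            if vt == CP_GAIA_USER_ROLE:
                result["role"] = payload.decode("utf-8")
            elif vt == CP_GAIA_SUPERUSER_ACCESS:
                result["superuser"] = struct.unpack("!I", payload)[0]
    return result


def check_role(attrs, gaia_roles=GAIA_ROLES):
    """Return (ok, message). Assumption: Gaia applies a role only when the
    CP-Gaia-User-Role string is an exact, case-sensitive match for a defined role name."""
    role = gaia_role_from_reply(attrs)["role"]
    if role is None:
        return False, "Access-Accept carries no CP-Gaia-User-Role"
    if role in gaia_roles:
        return True, f"role {role!r} matches a defined Gaia role"
    return False, (f"role {role!r} is not defined on Gaia "
                   f"(defined: {sorted(gaia_roles)}); expect the default role behaviour")


if __name__ == "__main__":
    # Reply as the poster's users entry would produce it
    as_posted = decode_attributes(
        encode_vsa(CP_GAIA_USER_ROLE, "RADIUS-P1-ADMIN")
        + encode_vsa(CP_GAIA_SUPERUSER_ACCESS, 1))
    print(gaia_role_from_reply(as_posted), check_role(as_posted))
    # Reply whose role name matches the Gaia Portal definition
    matching = decode_attributes(encode_vsa(CP_GAIA_USER_ROLE, "radius-group-AdminSecurity"))
    print(gaia_role_from_reply(matching), check_role(matching))
```

Two things worth comparing against the posted configuration when running this: the string returned in CP-Gaia-User-Role (RADIUS-P1-ADMIN in the users entry) against the role names actually defined on the Gaia Portal, and, on the FreeRADIUS side, that the LDAP-Group check item uses the comparison operator `==` (in the users file, `:=` on a check item always matches rather than testing group membership).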
I'm pretty sure the same applies to this as was discussed in this post
