Group policy on freeradius like on microsoft NPS server

classic Classic list List threaded Threaded
2 messages Options
| Threaded
Open this post in threaded view
|

Group policy on freeradius like on microsoft NPS server

MD. NUR KHAKIM A`ZIIZUDIN
Hi there,

i'm new to freeradius, recently we are implementing freeradius as AAA server to authenticate user throug aruba wifi controller
our setup is openldap + freeradius + aruba

we use AD + NPS server + aruba before, and have implemented group policy on our network configuration that read filter-id attribute
so how we do the same thing on freeradius, i've been searching on google and didn't find anything.

if anyone know how to add group policy for openldap + freeradius + aruba setup please let me know how to do it.

Best Regards
--
MD Nur Khakim Aziizudin

Network & system administrator
directorate of IT infrastructure
National Civil Service Agency of Indonesia
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Group policy on freeradius like on microsoft NPS server

Matthew Newton-3

On 17/07/2020 10:49, MD. NUR KHAKIM A`ZIIZUDIN wrote:
> i'm new to freeradius, recently we are implementing freeradius as AAA server to authenticate user throug aruba wifi controller
> our setup is openldap + freeradius + aruba

OK

> we use AD + NPS server + aruba before, and have implemented group policy on our network configuration that read filter-id attribute
> so how we do the same thing on freeradius, i've been searching on google and didn't find anything.
>
> if anyone know how to add group policy for openldap + freeradius + aruba setup please let me know how to do it.

"Group policy" is Microsoft wording. You need to work out what that
actually means in terms of what the RADIUS server is doing.

i.e. what attributes do you need to send back when a particular request
comes in? Where is the data in those attributes stored?

Then write a configuration/policies that look up the data based on the
incoming request and sends the correct attributes back in the reply. The
NAS documentation (sounds like Aruba in your case) should give you an
indication of what to send back.

The easiest thing if you don't know already is probably to look at the
replies your old system is sending, and then replicate that in FreeRADIUS.

--
Matthew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html