Radius and LDAP permissions

legdayallday
Hello,

Currently, my radius server is configured to use ldap. Would there be an issue if the radius and ldap daemons are run with a different id group?

Radius:  run by user (w/o root privilege)
LDAP: run by root

If this would cause an issue, what would resolve the issue of radius requests not being able to go through the ldap server?

Thanks.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Radius and LDAP permissions

Sven Hartge-5
On 30.09.20 09:04, lingctam wrote:

> Currently, my radius server is configured to use ldap. Would there be an issue if the radius and ldap daemons are run with a different id group?
>
> Radius:  run by user (w/o root privilege)
> LDAP: run by root
>
> If this would cause an issue, what would resolve the issue of radius requests not being able to go through the ldap server?

Your LDAP server should also not run as root.

Besides that: unless you access your LDAP server via a UNIX socket rather than
via TCP, it does not matter which user the client or the server runs under.

Regards,
Sven.
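
The UNIX-socket versus TCP distinction in the reply above, as an added example that is not part of the original thread and not FreeRADIUS or OpenLDAP code: it classifies an LDAP URI by transport and, for an `ldapi://` socket, checks whether a given uid and group set could reach it. The function names are hypothetical, and the check assumes classic mode bits only (no ACLs or MAC policy) and Linux semantics for connecting to a socket file.

```python
import os
import stat
from urllib.parse import unquote


def ldap_transport(uri):
    """Classify an LDAP URI: ('unix', socket_path) for ldapi://, ('tcp', None) otherwise."""
    scheme, sep, rest = uri.partition("://")
    if not sep:
        raise ValueError(f"not an LDAP URI: {uri!r}")
    scheme = scheme.lower()
    if scheme == "ldapi":
        # The socket path is percent-encoded where a hostname would normally be.
        # An empty value means the client library's built-in default path.
        return "unix", unquote(rest.split("/", 1)[0]) or None
    if scheme in ("ldap", "ldaps"):
        return "tcp", None
    raise ValueError(f"unsupported scheme: {scheme!r}")


def _allowed(st, uid, gids, want):
    """Classic owner/group/other mode-bit check (assumption: no ACLs or MAC policy)."""
    if uid == 0:
        return True  # root bypasses these checks
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want


def can_reach_socket(path, uid, gids):
    """True if uid/gids can traverse to the socket and connect() to it."""
    path = os.path.abspath(path)
    directory = os.path.dirname(path)
    while True:  # search (x) permission is needed on every parent directory
        if not _allowed(os.stat(directory), uid, gids, 0o1):
            return False
        parent = os.path.dirname(directory)
        if parent == directory:
            break
        directory = parent
    st = os.stat(path)
    # On Linux, connecting to a UNIX socket requires write permission on it.
    return stat.S_ISSOCK(st.st_mode) and _allowed(st, uid, gids, 0o2)
```

For a `tcp` result the process owner of either daemon plays no part in reachability; for a `unix` result, run `can_reach_socket` with the uid and groups of the account the RADIUS daemon runs as.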