LDAP & FreeRadius User Integration
-
Hello,
I am researching and considering to implement LDAP for user management and grouping and having FreeRadius to enforce some of its own attributes.
The thing I am uncertain about (before really getting into playing with it) would I need to create the LDAP user profile within the FreeRadius GUI user tab as well? So each time I create a new user, I must match the name and credentials twice - wouldn't that defeat the purpose?
Perhaps I am approaching the problem incorrectly.
Preferrably I would like to create one user for each organization and limit the number of devices through FreeRadius which I cannot for the life of me figure out why its not being enforced. So now I am left with creating 100+users which I feel would be much better organized and easier to manage on the LDAP interface but if I have to add them on GUI as well then not sure if this would be the most efficient approach for me.
Ill appreciate any pointers to the right direction!
-
If you're authenticating against Freeradius the users only need to exist there.
If you have 100s of users though I'd consider using an external radius server. The Freeradius package in pfSense is not really optimised for large numbers like that.
