29
Mar

radius - ldap

   Posted by: admin   in Linúc ếch bợt, Mẹo vặt của hiếu râu

install freeradius

cd /etc/freeradius   (or /etc/raddb, depending on the distribution)

vi radiusd.conf

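ldap {
    # NOTE: the blog engine had converted the ASCII double quotes in this
    # listing to typographic quotes. They are restored to plain " here,
    # because typographic quotes are not string delimiters in radiusd.conf
    # and would end up as part of the value if pasted as-is.

    # Directory server that the module queries.
    server = "demo1"

    # Account the module binds as to search the directory. The bind
    # password is stored in this file in cleartext, so prefer a dedicated
    # service account with read-only access to the subtree below, and keep
    # the file readable only by root and the user radiusd runs as.
    identity = "myaccount"
    password = "mypassword"

    # Subtree that is searched for user entries.
    basedn = "OU=Users,OU=Production,DC=demo,DC=com,DC=vn"

    # A user matches only if sAMAccountName equals the login name
    # (Stripped-User-Name when present, otherwise User-Name) AND the
    # entry carries the memberOf value given here.
    filter = "(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})(memberOf=OU=Groups,OU=Production,DC=demo,DC=com,DC=vn))"

    #password_attribute = userPassword

    # set this to 'yes' to use TLS encrypted connections
    # to the LDAP database by using the StartTLS extended
    # operation.
    # The StartTLS operation is supposed to be used with normal
    # ldap connections instead of using ldaps (port 636) connections
    #
    # With start_tls = no the bind password above travels to the
    # directory server unencrypted, and so does each user's password
    # when it is checked by an LDAP bind (Auth-Type = LDAP). To protect
    # them, set start_tls = yes, point tls_cacertfile (or tls_cacertdir)
    # at the CA that issued the directory server's certificate, and set
    # tls_require_cert = "demand" so that certificate is verified.
    start_tls = no

    # tls_cacertfile        = /path/to/cacert.pem
    # tls_cacertdir         = /path/to/ca/dir/
    # tls_certfile          = /path/to/radius.crt
    # tls_keyfile           = /path/to/radius.key
    # tls_randfile          = /path/to/rnd
    # tls_require_cert      = "demand"

    # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
    # profile_attribute = "radiusProfileDn"

    # The post's instruction for the next line: comment it out.
    #access_attr = "dialupAccess"

    # Mapping of RADIUS dictionary attributes to LDAP
    # (the excerpt ends here; the rest of the ldap section, including its
    # closing brace, is not shown in the post)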

Uncomment ldap in the authorize and authenticate sections
vi clients.conf
# NAS clients allowed to send requests to this server: every address in
# 10.100.0.0/24 shares the definition below.
client 10.100.0.0/24 {
# Shared secret between this server and the clients in the subnet above.
# "mypassword" is a placeholder: use a long random value here, and do not
# reuse the LDAP bind password for it. Because the whole /24 shares one
# secret, any device in that range that knows it is accepted as a client.
secret          = mypassword
# Short alias for this client definition.
shortname       = hcm-network-vl100
}
vi users
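# Send every request to the ldap module for authentication.
# Reply items in the users file must be indented under the entry they
# belong to; the page had lost that indentation, which would make
# "Fall-Through" read as the start of a new entry instead of a reply item.
DEFAULT Auth-Type = LDAP
	Fall-Through = 1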
radtest user pass 127.0.0.1 0 testing123
This entry was posted on Tuesday, March 29th, 2011 at 4:49 pm and is filed under Linúc ếch bợt, Mẹo vặt của hiếu râu. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
