<div dir="ltr"><div class="gmail_extra"><blockquote style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid" class="gmail_quote"><div><div class="h5">
<div dir="ltr"><div dir="ltr"><div>Thanks John for the reply.</div><div> </div><div>can I use EAP-TLS method of authentication with LDAP as backend datastore to check usernames and passwords.</div><div> </div><div>It would be like I bind to RADIUS server with EAP-TLS method using certificate and check usernames and passwords from LDAP server</div>
<div> </div><div>if yes on EAP-TLS can you please tell me how to configure EAP-TLS with LDAP as backend datastore.</div><div> </div><div>Basically I want to avoid harcoded usernames and passwords in raddb of RADIUS server for authenticating users which I am doing currently .</div>
<div> </div><div> ldap {<br> server = "localhost"<br> # identity = "cn=admin,o=My Org,c=UA"<br> identity = "uid=admin,ou=CamUsers,dc=vmbox,dc=int"<br> password = admin<br> basedn = "ou=CamUsers,dc=vmbox,dc=int"<br>
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"<br> # base_filter = "(objectclass=radiusprofile)"</div><div> # set this to 'yes' to use TLS encrypted connections<br> # to the LDAP database by using the StartTLS extended<br>
# operation.<br> # The StartTLS operation is supposed to be used with normal<br> # ldap connections instead of using ldaps (port 689) connections<br> start_tls = yes</div><div> # tls_cacertfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/cacert.pem<br>
# tls_cacertdir = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts<br> # tls_certfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/admin.pem<br> # tls_keyfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/admin.pem<br>
# tls_randfile = /path/to/rnd<br> tls_require_cert = "allow"</div><div> </div><div> </div><div>Waiting for your inputs</div><div> </div><div>Thanks and Regards,</div><div>Pramod</div><div> </div><div> </div>
</div><div class="gmail_quote"><div> </div></div></div></div></div></blockquote></div></div>