Authentification with: login, password, SSID and Ldap

ludovic cailleau ludoviccailleau at yahoo.fr
Tue Apr 25 15:33:36 CEST 2006


Hello
   
  My authentication with login, password, SSID starts with the “users” files of freeradius. 
   
  But now I would like to use LDAP. 
   
  -----------
  My slapd.conf :
   
  include           /etc/openldap/schema/core.schema
  include           /etc/openldap/schema/cosine.schema
  include           /etc/openldap/schema/inetorgperson.schema
  include           /etc/openldap/schema/nis.schema
  include           /etc/openldap/schema/corba.schema
  include           /etc/openldap/schema/dyngroup.schema
  include           /etc/openldap/schema/java.schema
  include           /etc/openldap/schema/misc.schema
  include           /etc/openldap/schema/openldap.schema
  include           /etc/openldap/schema/ppolicy.schema
  include           /etc/openldap/schema/RADIUS-LDAPv3.schema
  schemacheck on
   
   
  # Allow LDAPv2 client connections.  This is NOT the default.
  allow bind_v2
   
  pidfile           /var/run/openldap/slapd.pid
  argsfile    /var/run/openldap/slapd.args
   
  database    bdb
  suffix            "o=crt"
  rootdn            "cn=adminlp,o=crt"
  # Cleartext passwords, especially for the rootdn, should
  # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
  # Use of strong authentication encouraged.
  # rootpw          azerty
  rootpw            {SSHA}vx07rOmgLvv4SSxzWfBbrjQy/B02ZxG3
   
  # The database directory MUST exist prior to running slapd AND 
  # should only be accessible by the slapd and slap tools.
  # Mode 700 recommended.
  directory   /var/lib/ldap
   
  --------
  Radius.conf 
   
  ldap {
              server = "127.0.0.1"
              identity = "cn=adminlp,o=crt"
              password = azerty
              basedn = "o=crt"
              filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(radiusVSA=%{Symbol-SSID}))"
              
              # ldap connections instead of using ldaps (port 636) connections
              start_tls = no
   
              # tls_cacertfile  = /path/to/cacert.pem
              # tls_cacertdir         = /path/to/ca/dir/
              # tls_certfile          = /path/to/radius.crt
              # tls_keyfile           = /path/to/radius.key
              # tls_randfile          = /path/to/rnd
              # tls_require_cert      = "demand"
   
              # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
              # profile_attribute = "radiusProfileDn"
              ###access_attr = "dialupAccess"
   
              # Mapping of RADIUS dictionary attributes to LDAP
              # directory attributes.
              dictionary_mapping = ${raddbdir}/ldap.attrmap
   
              ldap_connections_number = 5
   
              #
              # NOTICE: The password_header directive is NOT case insensitive
              #
              # password_header = "{clear}"
              #
              # Set:
              #     password_attribute = nspmPassword
              #
              # to get the user's password from a Novell eDirectory
              # backend. This will work *only if* freeRADIUS is
              # configured to build with --with-edir option.
              #
              #
              #  The server can usually figure this out on its own, and pull
              #  the correct User-Password or NT-Password from the database.
              #
              #  Note that NT-Passwords MUST be stored as a 32-digit hex
              #  string, and MUST start off with "0x", such as:
              #
              #     0x000102030405060708090a0b0c0d0e0f
              #
              #  Without the leading "0x", NT-Passwords will not work.
              #  This goes for NT-Passwords stored in SQL, too.
              #
              # password_attribute = userPassword
              #
              # Un-comment the following to disable Novell eDirectory account
              # policy check and intruder detection. This will work *only if*
              # FreeRADIUS is configured to build with --with-edir option.
              #
              # edir_account_policy_check=no
              #
              # groupname_attribute = cn
              # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
              # groupmembership_attribute = radiusGroupName
              timeout = 4
              timelimit = 3
              net_timeout = 1
              # compare_check_items = yes
              # do_xlat = yes
              # access_attr_used_for_allow = yes
        }
   
   
   
  --------------------
   
  Radius – X
   
               log.radius.txt
   
   

		
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: log.radius.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060425/32fed4b9/attachment.txt>
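
How the search filter in the ldap { } block above resolves for one request, as an added example that is not part of the original post and is not FreeRADIUS code: it expands the two attribute references, escapes the values per RFC 4515, and evaluates the result against constructed entries. The helper names, the sample users and the SSID values are assumptions.

```python
import re

# Added illustration, not FreeRADIUS source. Filter shape taken from the post.
FILTER = "(&(uid={user})(radiusVSA={ssid}))"
VALUE = r"(?:[^()\\*]|\\[0-9a-f]{2})*"          # an RFC 4515-escaped value

# Constructed sample entries under the poster's "o=crt" suffix.
DIRECTORY = {
    "uid=alice,o=crt": {"uid": ["alice"], "radiusVSA": ["staff"]},
    "uid=bob,o=crt": {"uid": ["bob"], "radiusVSA": ["guest", "staff"]},
}

def escape_filter_value(value):
    """Hex-escape the characters RFC 4515 treats as special in a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(request):
    """Expand %{Stripped-User-Name:-%{User-Name}} and %{Symbol-SSID}."""
    user = request.get("Stripped-User-Name") or request.get("User-Name")
    ssid = request.get("Symbol-SSID")
    if not user or not ssid:
        # Choice made for this example: refuse rather than search on "".
        raise ValueError("request lacks a user name or Symbol-SSID")
    return FILTER.format(user=escape_filter_value(user),
                         ssid=escape_filter_value(ssid))

def unescape(value):
    """Turn \\xx hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(filter_str, directory=DIRECTORY):
    """Evaluate an AND-of-equalities filter; return the matching DNs."""
    m = re.fullmatch(r"\(&((?:\(\w+=" + VALUE + r"\))+)\)", filter_str)
    if m is None:
        raise ValueError("unsupported filter: " + filter_str)
    wanted = [(attr, unescape(val))
              for attr, val in re.findall(r"\((\w+)=(" + VALUE + r")\)", m.group(1))]
    return [dn for dn, attrs in directory.items()
            if all(val in attrs.get(attr, []) for attr, val in wanted)]

if __name__ == "__main__":
    for req in ({"User-Name": "alice@crt", "Stripped-User-Name": "alice",
                 "Symbol-SSID": "staff"},
                {"User-Name": "alice", "Symbol-SSID": "guest"},
                {"User-Name": "*", "Symbol-SSID": "staff"}):
        f = build_filter(req)
        print(f, "->", search(f))
```

An entry is returned only when both assertions hold, so a valid login on an SSID not listed in the entry's radiusVSA finds no user, and a wildcard user name is compared as a literal character.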

