Freeradius with OpenLDAP (Suse Enterprise 10) [SEC=UNCLASSIFIED]
Ranner, Frank MR
Frank.Ranner at defence.gov.au
Wed Feb 13 04:02:22 CET 2008
UNCLASSIFIED
> Config as requested - I did uncomment and configure the identity section -
> is this not required?
>
> ldap {
> #
> # Note that this needs to match the name in the LDAP
> # server certificate, if you're using ldaps.
> server = "localhost"
> identity = "cn=Administrator,dc=dxi,dc=net"
> password = trPic4n03
> basedn = "dc=dxi,dc=net"
> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> #base_filter = "(objectclass=radiusprofile)"
>
> # How many connections to keep open to the LDAP server.
> # This saves time over opening a new LDAP socket for
> # every authentication request.
> ldap_connections_number = 5
>
> # seconds to wait for LDAP query to finish. default: 20
> timeout = 4
>
> # seconds LDAP server has to process the query (server-side
> # time limit). default: 20
> #
> # LDAP_OPT_TIMELIMIT is set to this value.
> timelimit = 3
>
> #
> # seconds to wait for response of the server. (network
> # failures) default: 10
> #
> # LDAP_OPT_NETWORK_TIMEOUT is set to this value.
> net_timeout = 1
> tls {
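> # Set this to 'yes' to use TLS encrypted connections
> # to the LDAP database by using the StartTLS extended
> # operation.
> #
> # The StartTLS operation is supposed to be
> # used with normal ldap connections instead of
> # using ldaps (port 689) connections.
> # (The text above says port 689; the registered ldaps port is 636.)
> # With 'no' on a plain ldap connection, the bind password and the
> # search results are sent unencrypted.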
> start_tls = no
>
> # cacertfile = /path/to/cacert.pem
> # cacertdir = /path/to/ca/dir/
> # certfile = /path/to/radius.crt
> # keyfile = /path/to/radius.key
> # randfile = /path/to/rnd
>
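> # Certificate Verification requirements. Can be:
> # "never" (don't even bother trying)
> # "allow" (try, but don't fail if the certificate
> # can't be verified)
> # "demand" (fail if the certificate doesn't verify.)
> # Only "demand" rejects a server whose certificate fails verification;
> # with "never" or "allow" the link is encrypted but the server is not
> # authenticated.
> #
> # The default is "allow"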
> # require_cert = "demand"
> }
>
> # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
> # profile_attribute = "radiusProfileDn"
> # access_attr = "dialupAccess"
>
> # Mapping of RADIUS dictionary attributes to LDAP
> # directory attributes.
> dictionary_mapping = ${confdir}/ldap.attrmap
>
> # Set password_attribute = nspmPassword to get the
> # user's password from a Novell eDirectory
> # backend. This will work ONLY IF FreeRADIUS has been
> # built with the --with-edir configure option.
> #
> # password_attribute = userPassword
I think you need to un-comment this line (password_attribute = userPassword) --^
Regards,
Frank Ranner
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: EXTNDATT.TXT
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080213/959f2d69/attachment.ksh>