How to change Auth-Type from Local to LDAP only

eduardo moreira eduardomoreirars at gmail.com
Thu Nov 11 14:04:44 CET 2010


HI list,

For a few weeks I have been trying to configure FreeRADIUS with LDAP, but with no success.
I have read a lot about this, but it still does not work.

It only authenticates locally, but I need it to authenticate only against LDAP.

See my radiusd.conf below.


# Global radiusd.conf settings as posted. The layout (modules{} and the
# authorize/authenticate sections in this same file, usercollide, snmp,
# proxy_requests) looks like a FreeRADIUS 1.x configuration.
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
log_file = ${logdir}/radius.log
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid

# The daemon drops privileges to this account. This file holds an LDAP bind
# password, so it should be readable by this user/group only.
user = freerad
group = freerad

max_request_time = 30

delete_blocked_requests = no

cleanup_delay = 5

max_requests = 1024

# Old-style global bind settings are disabled; the listen{} sections below
# define the sockets instead.
#bind_address = *

#port = 0

hostname_lookups = no

allow_core_dumps = no

regular_expressions = yes
extended_expressions = yes

log_stripped_names = no

log_auth = yes

# Passwords are kept out of the log on both failed and successful attempts.
log_auth_badpass = no
log_auth_goodpass = no

usercollide = no

# NOTE(review): lower_pass = yes presumably lowercases User-Password before
# any module sees it. That would reject every mixed-case LDAP password and
# weakens them; confirm it is intended before blaming the ldap module.
lower_user = yes
lower_pass = yes

nospace_user = no
nospace_pass = no

checkrad = ${sbindir}/checkrad

# Authentication socket, bound to one interface only (not the wildcard).
# port = 0 presumably selects the default RADIUS auth port; confirm.
listen {
        type = auth
        ipaddr = 10.12.60.19
        port = 0
}

# Accounting socket on the same interface as the auth socket.
listen {
        type = acct
        ipaddr = 10.12.60.19
        port = 0
}



# Request hardening: cap attributes per packet, delay Access-Reject replies
# (slows password guessing), and do not answer Status-Server probes.
security {
 max_attributes = 200

 reject_delay = 1

 status_server = no
}

# Proxying is enabled, but no realm module is active in this file (the realm
# blocks and "suffix" are commented out), so nothing here should select a
# home server. clients.conf holds the NAS shared secrets and is not shown.
proxy_requests  = yes
$INCLUDE  ${confdir}/proxy.conf
$INCLUDE  ${confdir}/clients.conf

snmp = no
$INCLUDE  ${confdir}/snmp.conf

# Worker thread pool sizing. max_requests_per_server = 0 presumably means
# threads are never recycled; confirm against the server version in use.
thread pool {
 start_servers = 5

 max_servers = 32

 min_spare_servers = 3
 max_spare_servers = 10

 max_requests_per_server = 0
}

# Module instances. Only instances referenced from a processing section (or
# from instantiate{}) are actually loaded; several below (sqlcounter, counter,
# exec echo, ippool, checkval) are not referenced anywhere in this file.
modules {
 # NOTE(review): encryption_scheme = crypt tells pap that the known-good
 # password is a crypt(3) hash. The ldap instance below hands pap the raw
 # userPassword attribute; if that value carries an {SSHA}/{MD5}-style prefix
 # rather than a crypt hash, PAP comparisons will fail. Verify the stored form.
 pap {
  encryption_scheme = crypt
 }
 chap {
  authtype = CHAP
 }

 pam {
  pam_auth = radiusd
 }

 # System-account authentication (/etc/passwd or shadow). Referenced bare in
 # authenticate{}, so it is what a "Local"-style login falls through to.
 unix {
    cache = no
    cache_reload = 600
      radwtmp = ${logdir}/radwtmp
   }

    $INCLUDE ${confdir}/eap.conf
   mschap {
 }

        # Directory lookup and bind for user authentication.
        # NOTE(review): "identity =" and "groupmembership_filter =" are
        # split across two lines here, which looks like mail-client line
        # wrapping; in the real file each must be a single line or the
        # parser will read an empty value. Confirm the on-disk file.
        # NOTE(review): the bind password is stored in cleartext and has
        # now been posted to a public list; rotate that account's password.
        # With start_tls = no and no ldaps:// URI, the bind and every user
        # password check travel unencrypted to the listed servers.
        ldap {
                server = "ldap.intra proxy.intra localhost"
                identity =
"uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br"
                password = dfjk129!@
                basedn = "dc=policiacivil,dc=rs,dc=gov,dc=br"
                filter = "(uid=%u)"
                start_tls = no
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                # The bind account must be allowed to read userPassword for
                # PAP/CHAP to work without an as-user bind.
                password_attribute = userPassword
                groupname_attribute = radiusgroupname
                groupmembership_filter =
(&(objectclass=posixGroup)(memberuid=%u))
                timeout = 4
                timelimit = 3
                net_timeout = 1
                # As I recall, this only sets Auth-Type := LDAP when no earlier
                # authorize module (e.g. files) has already set an Auth-Type.
                set_auth_type = yes
        }



# Earlier, commented-out ldap instance (different directory); kept as history.
#ldap {
#    server = "localhost"
#    identity = "cn=admin,dc=fabrica,dc=corp"
#  password =  123
#  basedn = "ou=Usuarios,dc=fabrica,dc=corp"
#              filter = "(uid=%u)"
#  start_tls = no
#  dictionary_mapping = ${raddbdir}/ldap.attrmap
#  ldap_cache_timeout = 120
#    ldap_cache_size = 0
#    ldap_connections_number = 10
#  password_attribute = userPassword
#  timeout = 3
#  timelimit = 5
#  net_timeout = 1
#  compare_check_items = no
#  access_attr_used_for_allow = yes
#              set_auth_type = yes
# }

# All realm modules are disabled, so user@realm style names are not split.
# realm LOCAL {
#  format = prefix
#  delimiter = "/"
#  ignore_default = no
#  ignore_null = no
# }
#
# realm suffix {
#  format = suffix
#  delimiter = "@"
#  ignore_default = no
#  ignore_null = no
# }
#
# realm realmpercent {
#  format = suffix
#  delimiter = "%"
#  ignore_default = no
#  ignore_null = no
# }
#
# realm ntdomain {
#  format = prefix
#  delimiter = "\\"
#  ignore_default = no
#  ignore_null = no
# }

 # Not referenced in any section below.
 checkval {
  item-name = Calling-Station-Id
  check-name = Calling-Station-Id
  data-type = string
 }

 preprocess {
  huntgroups = ${confdir}/huntgroups
  hints = ${confdir}/hints
  with_ascend_hack = no
  ascend_channels_per_line = 23
  with_ntdomain_hack = no
  with_specialix_jetstream_hack = no
  with_cisco_vsa_hack = no
 }

 # Runs before ldap in authorize{}. If ${confdir}/users contains an entry
 # that sets Auth-Type (for example a DEFAULT entry), that wins over the
 # ldap instance's set_auth_type. The users file is not shown in this post.
 files {
  usersfile = ${confdir}/users
  acctusersfile = ${confdir}/acct_users
  preproxy_usersfile = ${confdir}/preproxy_users
  compat = no
 }

 # Per-NAS accounting detail files, owner-readable only.
 detail {
  detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
  detailperm = 0600
 }

 acct_unique {

  key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Port"
 }


# sql.conf is not included, so the sqlcounter instances below (sqlmod-inst =
# sql) have no sql module to use; they are also unreferenced, so inert.
# $INCLUDE  ${confdir}/sql.conf
 radutmp {
  filename = ${logdir}/radutmp
  username = %{User-Name}
  case_sensitive = yes
  check_with_nas = yes
  perm = 0600
  callerid = "yes"
 }

 # Second radutmp instance; note perm = 0644 makes this file world-readable,
 # unlike the 0600 used for radutmp above. Not referenced in any section.
 radutmp sradutmp {
  filename = ${logdir}/sradutmp
  perm = 0644
  callerid = "no"
 }

 attr_filter {
  attrsfile = ${confdir}/attrs
 }

 # Not referenced in any section below.
 counter daily {
  filename = ${raddbdir}/db.daily
  key = User-Name
  count-attribute = Acct-Session-Time
  reset = daily
  counter-name = Daily-Session-Time
  check-name = Max-Daily-Session
  allowed-servicetype = Framed-User
  cache-size = 5000
 }

 sqlcounter dailycounter {
  counter-name = Daily-Session-Time
  check-name = Max-Daily-Session
  sqlmod-inst = sql
  key = User-Name
  reset = daily

  query = "SELECT SUM(AcctSessionTime - \
               GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
                   FROM radacct WHERE UserName='%{%k}' AND \
                 UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
 }

 sqlcounter monthlycounter {
  counter-name = Monthly-Session-Time
  check-name = Max-Monthly-Session
  sqlmod-inst = sql
  key = User-Name
  reset = monthly
  query = "SELECT SUM(AcctSessionTime - \
              GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
              FROM radacct WHERE UserName='%{%k}' AND \
              UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
 }

 # Fixed-return helper instances (fail / reject / ok).
   always fail {
    rcode = fail
    }
   always reject {
    rcode = reject
 }
 always ok {
  rcode = ok
  simulcount = 0
  mpp = no
 }

 expr {
 }

 digest {
 }

 exec {
  wait = yes
  input_pairs = request
 }

 # Not referenced in any section, so inert. If it were enabled, %{User-Name}
 # is attacker-supplied text expanded into a command line; confirm how the
 # exec module escapes it before relying on it.
 exec echo {
  wait = yes

  program = "/bin/echo %{User-Name}"

  input_pairs = request

  output_pairs = reply

 }

 # Not referenced in any section below.
 ippool main_pool {
  range-start = 192.168.1.1
  range-stop = 192.168.3.254
  netmask = 255.255.255.0
  cache-size = 800
  session-db = ${raddbdir}/db.ippool
  ip-index = ${raddbdir}/db.ipindex
  override = no
  maximum-timeout = 0
 }
}

# Modules loaded at startup even though no section references them directly.
instantiate {
 exec
 expr
}

# Order matters: the first module to set Auth-Type decides how the request
# is authenticated. files runs before ldap here, so any Auth-Type set by the
# users file (not shown) takes precedence over ldap's set_auth_type. If ldap
# returns notfound or fail, no Auth-Type is set and the core falls back to its
# built-in "Local" check, which matches the symptom described in this post.
# Run the server in debug mode (radiusd -X) and read what ldap returns.
authorize {
 preprocess
 mschap
# suffix
 files
 ldap
}

# Auth-Type dispatch. As I recall, a module listed bare here (ldap, unix, eap)
# implicitly gets an Auth-Type subsection named after it; the bare ldap line
# is therefore what an Auth-Type := LDAP request runs. For LDAP-only
# authentication, unix should not be needed in this section at all.
authenticate {
 Auth-Type PAP {
  pap
 }

 Auth-Type CHAP {
  chap
 }

 Auth-Type MS-CHAP {
  mschap
}
 ldap
 unix
 eap
}

# Accounting pre-processing; realm splitting (suffix) is disabled here too.
preacct {
 preprocess
 acct_unique
# suffix
 files
}

# Accounting records go to the detail files and the radutmp session table.
accounting {
 detail
 radutmp
}
# Simultaneous-use checks consult radutmp.
session {
 radutmp
}

# Nothing runs after authentication.
post-auth {
}

# Nothing runs before proxying.
pre-proxy {
}

# eap handles proxied EAP replies.
post-proxy {
 eap
}
I really need help.

Thanks in advance!