ldap+freeradius
suggestme
samanaupadhyay at hotmail.com
Wed Nov 9 19:40:23 CET 2011
Alan,
The LDAP server was already configured on another machine by the System
Administrator. I am trying to link FreeRadius to that existing and already
running LDAP server and authenticate the users using already configured
attribute. I didn't download LDAP on this machine where FreeRadius is
running. I made the LDAP option "on" during the FreeRadius installation
like:
==> The following configuration options are available for
freeradius-2.1.10_2:
USER=on "Run as user freeradius, group freeradius"
KERBEROS=on "With Kerberos support"
HEIMDAL=off "With Heimdal Kerberos support"
LDAP=on "With LDAP database support"
MYSQL=on "With MySQL database support"
PGSQL=on "With PostgreSQL database support"
UNIXODBC=on "With unixODBC database support"
FIREBIRD=on "With Firebird database support (EXPERIMENTAL)"
PERL=on "With Perl support"
PYTHON=on "With Python support"
OCI8=on "With Oracle support (currently experimental)"
RUBY=on "With Ruby support (EXPERIMENTAL)"
DHCP=on "With DHCP support (EXPERIMENTAL)"
EXPERIMENTAL=on "Build experimental modules"
UDPFROMTO=on "Compile in UDPFROMTO support"
===> Use 'make config' to modify these settings
*The scenario is that LDAP is already running on one server and FreeRadius is
running on another server. I just changed the configuration settings on the
FreeBSD server where FreeRadius is running as:*
*/usr/local/etc/raddb/modules/ldap :*
ldap {
    # Define the LDAP server and the base domain name
    server = "localhost"
    basedn = "dc=example,dc=com"
    # Define which attribute from an LDAP "ldapsearch" query
    # is the password. Create a filter to extract the password
    # from the "ldapsearch" output
    password_attribute = "userPassword"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    # The following are RADIUS defaults
    start_tls = no
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    timeout = 4
    timelimit = 3
    net_timeout = 1
}
*/usr/local/etc/raddb/sites-enabled/default :*
authorize {
    ...
    ...
    #
    # The ldap module will set Auth-Type to LDAP if it has not
    # already been set
    Ldap
    ...
    ...
}
Auth-Type LDAP {
    ldap
}
Also, the same type of modifications have been made to:
*/usr/local/etc/raddb/sites-enabled/inner-tunnel*
Also, a change has been made to the users file, adding LDAP user authentication.
Thanks for the suggestions.
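A small configuration check for the setup described in the message above, where the directory runs on a different host than FreeRADIUS. This is an added example, not part of the original post or of the FreeRADIUS project. The function names, the `ldap_is_remote` parameter and the host name `ldap.example.com` are hypothetical, and it assumes plain LDAP rather than LDAPS.

```python
import ipaddress
import re

# Constructed sample: the ldap module block as posted (comments dropped).
POSTED = """
ldap {
    server = "localhost"
    basedn = "dc=example,dc=com"
    password_attribute = "userPassword"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    start_tls = no
}
"""
# Hypothetical corrected values; ldap.example.com is a placeholder host name.
FIXED = POSTED.replace('"localhost"', '"ldap.example.com"').replace(
    "start_tls = no", "start_tls = yes")

def parse_module(text):
    """Collect key = value pairs from a module block; nested sections are flattened."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z_][\w-]*)\s*=\s*(.+)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def is_loopback(host):
    """True for 'localhost' and for any loopback IPv4/IPv6 literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other host name

def audit(text, ldap_is_remote=True):
    """Return findings for one ldap block. Assumes plain LDAP, not LDAPS."""
    s = parse_module(text)
    server = s.get("server", "")
    findings = []
    if ldap_is_remote and is_loopback(server):
        findings.append("server is loopback, but the directory runs on another host")
    crosses_network = ldap_is_remote or not is_loopback(server)
    if crosses_network and s.get("start_tls", "no").lower() != "yes":
        findings.append("start_tls is off: binds and userPassword lookups travel unencrypted")
    return findings

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("fixed", FIXED)):
        print(label, audit(cfg) or "no findings")
```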