FreeRadius OpenLDAP TTLS/PAP

akkouche akkouchekahina at hotmail.fr
Thu Jun 14 13:17:58 CEST 2012


#
        #  LDAP server and bind settings for the FreeRADIUS ldap module.
        #
        #  Note that this needs to match the name in the LDAP
        #  server certificate, if you're using ldaps.
        server = "localhost"
        #  DN and password the module uses to bind to the directory
        #  before searching for the user.
        #  NOTE(review): this binds as what looks like the directory
        #  administrator. A dedicated account with read-only access to
        #  the attributes RADIUS needs would limit the impact if this
        #  file is disclosed -- confirm against the directory ACLs.
        identity = "cn=admin,dc=tem-tsp,dc=eu"
        #  The bind password is stored here in plain text, so this file
        #  should be readable only by the account running radiusd.
        #  Replace real values with a placeholder before posting the
        #  configuration publicly.
        password = secret
        basedn = "dc=tem-tsp,dc=eu"
        #  NOTE(review): password_attribute is expected to name the LDAP
        #  attribute that holds the user's password (commonly
        #  userPassword). "Cleartext-Password" is the name of a RADIUS
        #  attribute, so this is presumably not what was intended --
        #  verify against the directory schema.
        password_attribute = Cleartext-Password
        #  Search filter used to locate the user entry: the stripped
        #  user name if present, otherwise the User-Name from the request.
        #  NOTE(review): the value comes from the client's request; the
        #  module is expected to escape it for use in an LDAP filter --
        #  confirm for the version in use.
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        #base_filter = "(objectclass=radiusprofile)"

        #  How many connections to keep open to the LDAP server.
        #  This saves time over opening a new LDAP socket for
        #  every authentication request.
        ldap_connections_number = 5
        #  seconds to wait for LDAP query to finish. default: 20
        #  NOTE(review): set well below the stated default. A slow
        #  directory then causes lookups to fail rather than wait;
        #  confirm this is intended.
        timeout = 4

        #  seconds LDAP server has to process the query (server-side
        #  time limit). default: 20
        #
        #  LDAP_OPT_TIMELIMIT is set to this value.
        timelimit = 3

        #
        #  seconds to wait for response of the server. (network
        #   failures) default: 10
        #
        #  LDAP_OPT_NETWORK_TIMEOUT is set to this value.
        #  NOTE(review): one second is tight for anything other than a
        #  local directory; revisit if the server setting is changed to
        #  a remote host.
        net_timeout = 1
tls {
                # Transport security for the connection between
                # FreeRADIUS and the LDAP server.
                #
                # Set this to 'yes' to use TLS encrypted connections
                # to the LDAP database by using the StartTLS extended
                # operation.
                #
                # The StartTLS operation is supposed to be
                # used with normal ldap connections instead of
                # using ldaps (port 636) connections
                #
                # NOTE(review): with 'no' and a plain ldap connection,
                # the bind password and the attributes read for each
                # user cross the connection unencrypted. That is only
                # reasonable while the server setting in this file
                # points at the local host; enable StartTLS (or use
                # ldaps) before pointing it at a remote directory.
                start_tls = no

                # cacertfile    = /path/to/cacert.pem
                # cacertdir             = /path/to/ca/dir/
                # certfile              = /path/to/radius.crt
                #  Certificate Verification requirements.  Can be:
                #    "never" (don't even bother trying)
                #    "allow" (try, but don't fail if the certificate
                #               can't be verified)
                #    "demand" (fail if the certificate doesn't verify.)
                #
                #       The default is "allow"
                #
                # NOTE(review): require_cert is commented out, so the
                # default described above applies and an unverifiable
                # server certificate is accepted. When TLS is enabled,
                # set "demand" together with cacertfile or cacertdir so
                # that the LDAP server is actually authenticated.
                # require_cert  = "demand"
        }

        # Optional profile and access-control settings, all disabled in
        # this configuration.
        # NOTE(review): with access_attr disabled, this file applies no
        # per-user access attribute check; any entry matched by the
        # filter is presumably eligible to authenticate -- confirm that
        # is intended.
        # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
        # profile_attribute = "radiusProfileDn"
        # access_attr = "dialupAccess"

        # Mapping of RADIUS dictionary attributes to LDAP
        # directory attributes.
        # NOTE(review): the LDAP attributes listed in this map are
        # turned into RADIUS attributes for the request, so whoever can
        # write those attributes in the directory can influence
        # authorization. Review the map and the directory ACLs together.
        dictionary_mapping = ${confdir}/ldap.attrmap





-----
kahina akkouche

