LDAP bind user authentication

Stefan Paetow Stefan.Paetow at ja.net
Sun Oct 12 18:06:26 CEST 2014


> It works _if_ I provide a manager login to the ldap server so the ldap
> module can find the user and add a good password, **but if I delete
> those credentials it fails.**

You'll need a set of credentials to search LDAP for the DN… But a credential should be one that can read/traverse LDAP, but nothing else.

Then at the bottom of the authorize section, add this:

if (User-Password) {
    update control {
        Auth-Type := ldap
    }
}

Finally, in the authenticate section, insert just 'ldap' at the top and change the Auth-Type PAP stanza from the default to the below (which allows you to use the LDAP bind with things like EAP-TTLS/EAP-GTC, which uses PAP):

Auth-Type PAP {
    # pap
    ldap
}

If you use FreeRADIUS 3.0.x, this becomes a *LOT* easier and more straightforward. The FreeRADIUS guys have built a repository for all major Linux platforms, so you can upgrade to the newest without waiting for your distribution to catch up.

Stefan
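As an added example (not from Stefan's message and not the FreeRADIUS project's shipped configuration), here is how the pieces above fit together on FreeRADIUS 3.0.x: a read-only service account that only locates the user's DN, the authorize rule that switches to an LDAP bind when a cleartext password is present, and the authenticate changes that let PAP-based EAP methods reach that bind. The server name, DNs and password are placeholders.

```text
# mods-available/ldap (FreeRADIUS 3.0.x); all values below are placeholders
ldap {
    server = 'ldap.example.org'
    # Service account used ONLY to find the user's DN. Give it search/read
    # rights on the user subtree and nothing else (no write access, no read
    # access to userPassword). The user's own credential is never read;
    # it is verified by binding as the user in the authenticate section.
    identity = 'cn=radius-reader,ou=services,dc=example,dc=org'
    password = 'CHANGE-ME'
    base_dn = 'dc=example,dc=org'
    user {
        base_dn = "${..base_dn}"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    }
}

# sites-available/default and sites-available/inner-tunnel, relevant parts
authorize {
    # ... preprocess, suffix, eap etc. stay as shipped ...
    ldap        # search with the read-only account; no password check here
    # An LDAP bind can only verify a cleartext password, so switch to it
    # only when User-Password is present (PAP, EAP-TTLS/PAP, EAP-GTC).
    # MS-CHAP style requests cannot be verified by a bind.
    if ((ok || updated) && User-Password) {
        update control {
            Auth-Type := ldap
        }
    }
    pap
}

authenticate {
    Auth-Type PAP {
        # pap      # nothing to compare against: no password hash was read
        ldap       # bind as the found DN using User-Password
    }
    Auth-Type LDAP {
        ldap
    }
    # ... mschap, eap etc. stay as shipped ...
}
```

Check it with `radtest alice 'her-password' 127.0.0.1 0 testing123` (placeholder user and shared secret) and expect an Access-Accept; in `radiusd -X` output the bind is attempted as the user's DN, never as the service account.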
