FreeRADIUS 3.0.x and user authentication against Novell eDirectory without Universal Password
Martin Kozelský
martin.kozelsky at post.cz
Wed Apr 8 11:51:48 CEST 2020
>> Or any advice?
>
> Configure anonymous search. Configure bind as user. Run the "ldap" module in the "authenticate" section.
>
> Delete all eDirectory magic from the configuration.
>
> Alan DeKok
>
It works!
Configured:

1. in file sites-enabled/default & inner-tunnel:

a) section authorize {}

    #
    # The ldap module reads passwords from the LDAP database.
    ldap
    if ((ok || updated) && User-Password) {
        update {
            control:Auth-Type := ldap
        }
    }

b) section authenticate {}

    # Uncomment it if you want to use ldap for authentication
    #
    # Note that this means "check plain-text password against
    # the ldap database", which means that EAP won't work,
    # as it does not supply a plain-text password.
    #
    # We do NOT recommend using this. LDAP servers are databases.
    # They are NOT authentication servers. FreeRADIUS is an
    # authentication server, and knows what to do with authentication.
    # LDAP servers do not.
    #
    Auth-Type LDAP {
        ldap
    }

2. in file mods-enabled/ldap (it is default):

    # Set to yes if you have eDirectory and want to use the universal
    # password mechanism.
    edir = no

    # Set to yes if you want to bind as the user after retrieving the
    # Cleartext-Password. This will consume the login grace, and
    # verify user authorization.
    edir_autz = no

That is all.
Thank you
Martin Kozelsky