<div>Thanks.</div> <div> </div> <div>So key-file-password is not set in the radiusd.conf/rlm_ldap section.</div> <div>I still do not know how to configure key-password in OpenLDAP. Where can I get any document or wiki? Thanks.</div> <div> </div> <div>John.</div> <div> </div> <div><BR><B><I>"Ranner, Frank MR" &lt;Frank.Ranner@defence.gov.au&gt;</I></B> wrote:</div> <BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">Yes. eap.conf is part of radiusd.conf.<BR>But I cannot find a variable to set key-file-password in<BR>rlm_ldap section.<BR><BR><BR># Lightweight Directory Access Protocol (LDAP)<BR>ldap {<BR>server = "ldap.your.domain"<BR># identity = "cn=admin,o=My Org,c=UA"<BR># password = mypass<BR>basedn = "o=My Org,c=UA"<BR>filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"<BR># base_filter = "(objectclass=radiusprofile)"<BR># set this to 'yes' to use TLS encrypted connections<BR># to the LDAP database by
using the StartTLS extended<BR># operation.<BR># The StartTLS operation is supposed to be used with normal<BR># ldap connections instead of using ldaps (port 689)<BR># connections<BR>start_tls = no<BR># tls_cacertfile = /path/to/cacert.pem<BR># tls_cacertdir = /path/to/ca/dir/<BR># tls_certfile = /path/to/radius.crt<BR># tls_keyfile = /path/to/radius.key<BR># tls_randfile = /path/to/rnd<BR># tls_require_cert = "demand"<BR># default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"<BR># profile_attribute = "radiusProfileDn"<BR>access_attr = "dialupAccess"<BR><BR><BR>So use openssl to remove the password from the key and put the key in a<BR>secure directory. The key itself should have 400 permissions and be<BR>owned<BR>by the ldap user. What's the problem?<BR><BR>Regards, <BR>Frank Ranner<BR><BR><BR>-<BR>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<BR></BLOCKQUOTE><BR><p>
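The steps suggested in the quoted reply (strip the passphrase with openssl, keep the key mode 400, owned by the service account, in a protected directory) can be scripted and then checked. The following is an added example, not part of the thread or of FreeRADIUS; the function names are hypothetical, and the file paths and owner account passed in are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# paths and the OWNER account are assumptions for the local install.

# strip_passphrase IN OUT
# Write an unencrypted copy of a passphrase-protected private key.
# openssl prompts for the passphrase on the terminal; umask 077 keeps
# the new file private from the moment it is created.
strip_passphrase() {
    ( umask 077 && openssl pkey -in "$1" -out "$2" ) && chmod 400 "$2"
}

# key_is_encrypted FILE
# True when the PEM headers mark the key as passphrase-protected
# (PKCS#8 "ENCRYPTED PRIVATE KEY" or the traditional Proc-Type header).
key_is_encrypted() {
    grep -Eq -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# audit_tls_key FILE OWNER
# Print one line per finding. Return 0 only when the key needs no
# passphrase, is mode 400, is owned by OWNER, and sits in a directory
# that group and others cannot write to.
audit_tls_key() {
    key=$1; owner=$2; rc=0
    [ -f "$key" ] || { echo "missing: $key"; return 2; }
    if key_is_encrypted "$key"; then
        echo "passphrase-protected: $key"; rc=1
    fi
    if [ -z "$(find "$key" -prune -perm 400)" ]; then
        echo "mode is not 400: $key"; rc=1
    fi
    if [ -z "$(find "$key" -prune -user "$owner")" ]; then
        echo "not owned by $owner: $key"; rc=1
    fi
    dir=$(dirname "$key")
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "directory writable by group or others: $dir"; rc=1
    fi
    return "$rc"
}

# Usage: sh script.sh /path/to/radius.key ldap
if [ "$#" -eq 2 ]; then
    audit_tls_key "$1" "$2"
fi
```

Changing the owner of the stripped key to the service account (chown) needs root and is left to the administrator.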