Re: Fwd: How to configure RADIUS +LDAP using SASL/Certificate based binding instead of usernames and passwords
Thanks John for the reply. can I use EAP-TLS method of authentication with LDAP as backend datastore to check usernames and passwords. It would be like I bind to RADIUS server with EAP-TLS method using certificate and check usernames and passwords from LDAP server if yes on EAP-TLS can you please tell me how to configure EAP-TLS with LDAP as backend datastore. Basically I want to avoid harcoded usernames and passwords in raddb of RADIUS server for authenticating users which I am doing currently . ldap { server = "localhost" # identity = "cn=admin,o=My Org,c=UA" identity = "uid=admin,ou=CamUsers,dc=vmbox,dc=int" password = admin basedn = "ou=CamUsers,dc=vmbox,dc=int" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" # base_filter = "(objectclass=radiusprofile)" # set this to 'yes' to use TLS encrypted connections # to the LDAP database by using the StartTLS extended # operation. # The StartTLS operation is supposed to be used with normal # ldap connections instead of using ldaps (port 689) connections start_tls = yes # tls_cacertfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/cacert.pem # tls_cacertdir = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts # tls_certfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/admin.pem # tls_keyfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/admin.pem # tls_randfile = /path/to/rnd tls_require_cert = "allow" Waiting for your inputs Thanks and Regards, Pramod
You need to send mail to ONE list, and ONLY one list. Sending mail to both lists is rude. If you persist, you will be unsubscribed and banned from both lists. Generic configuration questions belong on the freeradius-users list. Use that. Alan DeKok.
participants (2)
-
Alan DeKok -
pramod kulkarni