my Radius goal radius and openldap.
I already have functioning openldap with SSL. (actually a neat little multi master setup.) I would like to get this radius to authenticate against the openldap. I have dug around Google and found some useful looking pages, but I wonder if anybody has any hot tips on this so I don't feel like I am completely reinventing the wheel. Thanks Chris s.
On 9 Sep 2013, at 23:00, "Swenson, Chris" <cswenson@curry.edu> wrote:
I already have functioning openldap with SSL. (actually a neat little multi master setup.) I would like to get this radius to authenticate against the openldap.
You have plaintext passwords then?
I have dug around Google and found some useful looking pages, but I wonder if anybody has any hot tips on this so I don’t feel like I am completely reinventing the wheel.
Use FreeRADIUS 3.0.0-rc1, the LDAP module is SIGNIFICANTLY better. For redundancy/resilience you can either just point the module at a round-robin FQDN, or set a comma delimited list of servers in the 'server' config item, libldap handles the failover. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
No, they are encrypted in the ldap database in md5 hash. I might be too old to do bleeding edge stuff like 3.0 RC1 I will take a look and a poke at it though. Thanks. -----Original Message----- From: freeradius-users-bounces+cswenson=curry.edu@lists.freeradius.org [mailto:freeradius-users-bounces+cswenson=curry.edu@lists.freeradius.org] On Behalf Of Arran Cudbard-Bell Sent: Monday, September 09, 2013 6:54 PM To: FreeRadius users mailing list Subject: Re: my Radius goal radius and openldap. On 9 Sep 2013, at 23:00, "Swenson, Chris" <cswenson@curry.edu> wrote:
I already have functioning openldap with SSL. (actually a neat little multi master setup.) I would like to get this radius to authenticate against the openldap.
You have plaintext passwords then?
I have dug around Google and found some useful looking pages, but I wonder if anybody has any hot tips on this so I don't feel like I am completely reinventing the wheel.
Use FreeRADIUS 3.0.0-rc1, the LDAP module is SIGNIFICANTLY better. For redundancy/resilience you can either just point the module at a round-robin FQDN, or set a comma delimited list of servers in the 'server' config item, libldap handles the failover. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 10 Sep 2013, at 00:19, "Swenson, Chris" <cswenson@curry.edu> wrote:
No, they are encrypted in the ldap database in md5 hash.
Right, but you have the plaintext version from the user?
I might be too old to do bleeding edge stuff like 3.0 RC1 I will take a look and a poke at it though.
Fair enough. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
participants (2)
-
Arran Cudbard-Bell -
Swenson, Chris