ldap machine account auth tutorial
hello I'm looking for a toturial ti authenticate XP machines accounts (ldap backend) on boot with freeradius here a computer LDAP entry dn: uid=pc-42ee2079$,ou=computer,ou=ressources,ou=test,o=coin,c=fr objectClass: top objectClass: account objectClass: posixAccount objectClass: sambaSamAccount cn: pc-42ee2079$ uid: pc-42ee2079$ uidNumber: 10006 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer structuralObjectClass: account sambaSID: S-1-5-21-902432509-630223792-3260868441-1000 displayName: pc-42EE2079$ sambaAcctFlags: [W ] sambaNTPassword: 2A8BBB29BEF5F91B02AF687290ADB4F7 sambaPwdLastSet: 1262772595 should I put in ldap.attr checkItem Cleartext-Password sambaNTPassword or should I put in modules/ldap password_attribute = sambaNTPassword What must I put in users file, if I want that assign VLAN If authentification succeed ? thanks
On 01/02/10 12:46, cd wrote:
hello I'm looking for a toturial ti authenticate XP machines accounts (ldap backend) on boot with freeradius
here a computer LDAP entry dn: uid=pc-42ee2079$,ou=computer,ou=ressources,ou=test,o=coin,c=fr objectClass: top objectClass: account objectClass: posixAccount objectClass: sambaSamAccount cn: pc-42ee2079$ uid: pc-42ee2079$ uidNumber: 10006 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer structuralObjectClass: account sambaSID: S-1-5-21-902432509-630223792-3260868441-1000 displayName: pc-42EE2079$ sambaAcctFlags: [W ] sambaNTPassword: 2A8BBB29BEF5F91B02AF687290ADB4F7 sambaPwdLastSet: 1262772595
should I put in ldap.attr checkItem Cleartext-Password sambaNTPassword
The required config is: checkItem NT-Password sambaNtPassword ...and should already by in the ldap.attrmap One thing to be aware of - the username as supplied in 802.1x will be: host/hostname.domain.com ...and this needs to be re-written to: hostname$ ...the "mschap" module will do this for you; you need to ensure that you're using: %{mschap:User-Name} ...in your LDAP filters.
I want to setup AAA server with freeradius, But when I finished the install, and run radiusd -X, error is } Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } rlm_eap: No such sub-type for default EAP type peap /usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap" /usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap". /usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section. } } Errors initializing modules can you give me a hand or advice? thanks! 2010-02-01 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 02/01/2010 09:13 AM, hongjianli.nudt@gmail.com wrote:
I want to setup AAA server with freeradius, But when I finished the install, and run radiusd -X, error is } Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. Module: Linked to sub-module rlm_eap_mschapv2
You, or who ever built the installation did not the development headers and libraries for OpenSSL installed when the build was performed, thus it could not utilize OpenSSL. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/
hongjianli.nudt@gmail.com wrote:
I want to setup AAA server with freeradius, But when I finished the install, and run radiusd -X,
error is
} Ignoring EAP-Type/tls because we do not have OpenSSL support.
If you've installed a Debian package, read the Wiki for how to install a debian package with OpenSSL. If you've installed it by hand, install the OpenSSL development headers && re-build FreeRADIUS. Alan DeKok.
On Mon, Feb 01, 2010 at 05:19:34PM +0100, Alan DeKok wrote:
If you've installed a Debian package, read the Wiki for how to install a debian package with OpenSSL.
Hm, http://wiki.freeradius.org/Build#Building_Debian_packages needs to be updated to tell people to run 'dpkg-buildpackage -rfakeroot -b -uc'. And when it tells them they have missing build-dependencies, then 'apt-get install' that. We also need to add the proper Debian and Ubuntu links to http://wiki.freeradius.org/Binary_packages Can you give me an account or something? -- 2. That which causes joy or happiness.
I want to setup AAA server with freeradius, But when I finished the install, and run radiusd -X, error is } Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. <tim> When you built/compiled FreeRADIUS, the OpenSSL libraries could not be found. Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } rlm_eap: No such sub-type for default EAP type peap /usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap" /usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap". /usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section. } } Errors initializing modules <tim> The EAP module uses SSL and was not built. So, if you do not need to use EAP authentication, you can comment out the "eap" statements in the config files: In radiusd.conf: comment out the line $INCLUDE eap.conf by putting a # at the beginning of the line In sites-available/default: comment out the eap lines in the file. If you need to use EAP authentication, install the OpenSSL libraries using your favorite package installer. Tim
participants (7)
-
Alan DeKok -
cd -
hongjianli.nudt@gmail.com -
John Dennis -
Josip Rodin -
Phil Mayers -
Tim Sylvester