Fwd: How to configure RADIUS +LDAP using SASL/Certificate based binding instead of usernames and passwords

pramod kulkarni pammu.kulkarni at gmail.com
Wed Apr 10 06:03:15 CEST 2013


>
> Thanks John for the reply.
> Can I use the EAP-TLS method of authentication with LDAP as the backend datastore
> to check usernames and passwords?
> It would be like I bind to the RADIUS server with the EAP-TLS method using a
> certificate and check usernames and passwords from the LDAP server.
> If yes on EAP-TLS, can you please tell me how to configure EAP-TLS with
> LDAP as the backend datastore?
> Basically I want to avoid hardcoded usernames and passwords in the raddb of the
> RADIUS server for authenticating users, which I am doing currently.
> ldap {
>     server = "localhost"
>     # identity = "cn=admin,o=My Org,c=UA"
>     identity = "uid=admin,ou=CamUsers,dc=vmbox,dc=int"
>     password = admin
>     basedn = "ou=CamUsers,dc=vmbox,dc=int"
>     filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>     # base_filter = "(objectclass=radiusprofile)"
>     # set this to 'yes' to use TLS encrypted connections
>     # to the LDAP database by using the StartTLS extended
>     # operation.
>     # The StartTLS operation is supposed to be used with normal
>     # ldap connections instead of using ldaps (port 636) connections
>     start_tls = yes
>     # tls_cacertfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/cacert.pem
>     # tls_cacertdir = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts
>     # tls_certfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/admin.pem
>     # tls_keyfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/admin.pem
>     # tls_randfile = /path/to/rnd
>     tls_require_cert = "allow"
> }
>  Waiting for your inputs
> Thanks and Regards,
> Pramod
>
>
>
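An added example, not part of the original message and not FreeRADIUS code: a small Python check over an `ldap { }` block like the one quoted above, flagging settings that keep the bind password in the file or let the StartTLS session proceed without validating the LDAP server's certificate. The sample block, the function names and the finding codes are constructed for illustration, and treating an unset `tls_require_cert` as unenforced is an assumption.

```python
import re

# Constructed sample mirroring the active settings in the quoted block.
SAMPLE = '''
ldap {
    server = "localhost"
    identity = "uid=admin,ou=CamUsers,dc=vmbox,dc=int"
    password = admin
    start_tls = yes
    # tls_cacertfile = /path/to/cacert.pem
    tls_require_cert = "allow"
}
'''

def parse_settings(text):
    """Return the active (uncommented) key = value pairs of a module block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out settings have no effect
        m = re.match(r'([A-Za-z_]\w*)\s*=\s*(.*)$', line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def audit_ldap(text):
    """Return a sorted list of finding codes (hypothetical names)."""
    s = parse_settings(text)
    findings = []
    if s.get("start_tls") != "yes":
        findings.append("start-tls-off")             # bind travels unencrypted
    # Only "demand"/"hard" abort the session on a bad server certificate;
    # "allow" ignores a bad certificate and carries on.
    if s.get("tls_require_cert") not in ("demand", "hard"):
        findings.append("server-cert-not-enforced")
    if not (s.get("tls_cacertfile") or s.get("tls_cacertdir")):
        findings.append("no-ca-configured")          # nothing to validate against
    if s.get("password"):
        findings.append("bind-password-in-config")   # static secret in raddb
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_ldap(SAMPLE):
        print(finding)
```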