Freeradius - LDAP Authentication
Kris Benson
kbenson at sd57.bc.ca
Mon Aug 8 17:32:36 CEST 2005
FreeRadius users mailing list <freeradius-users at lists.freeradius.org> on
August 8, 2005 at 07:32 -0800 wrote:
>
>I am now at a loss, if anyone has a working config that they wouldn't mind
>sharing that would be much appreciated.
Here's mine:
#### radiusd.conf section
ldap {
        server = "localhost"
        identity = "cn=radiusadmin,ou=roleaccounts,dc=sd57,dc=bc,dc=ca"
        password = neveryoumind
        basedn = "dc=sd57,dc=bc,dc=ca"
        filter = "(mail=%{User-Name})"
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        groupname_attribute = cn
        groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
        #groupmembership_attribute = WirelessUsers
        timeout = 4
        timelimit = 3
        net_timeout = 1
        # compare_check_items = yes
        # do_xlat = yes
        # access_attr_used_for_allow = yes
}
#### users file
DEFAULT Ldap-Group == "NetworkAccessWireless", Auth-Type = LDAP
        Class = %l,
        Reply-Message = "%u",
        Fall-Through = 1
#### ldap LDIF (passwords removed to protect the innocent)
dn: dc=sd57,dc=bc,dc=ca
dc: sd57
objectClass: dcObject
objectClass: organizationalUnit
ou: Ess Dee Five Seven

dn: ou=roleaccounts,dc=sd57,dc=bc,dc=ca
ou: roleaccounts
objectClass: organizationalUnit

dn: cn=ldapadmin,ou=roleaccounts,dc=sd57,dc=bc,dc=ca
objectClass: person
cn: ldapadmin
sn: AdminAcct
userPassword: {CRYPT}*

dn: cn=radiusadmin,ou=roleaccounts,dc=sd57,dc=bc,dc=ca
objectClass: person
cn: radiusadmin
sn: AdminAcct
userPassword: {CRYPT}*

dn: ou=techstaff,dc=sd57,dc=bc,dc=ca
ou: techstaff
objectClass: organizationalUnit

dn: cn=NetworkAccessWireless,dc=sd57,dc=bc,dc=ca
objectClass: top
objectClass: groupOfNames
member: uid=kbenson,ou=techstaff,dc=sd57,dc=bc,dc=ca
cn: NetworkAccessWireless

dn: uid=kbenson,ou=techstaff,dc=sd57,dc=bc,dc=ca
sn: Benson
mail: kbenson at sd57.bc.ca
cn: Kris Benson
gidNumber: 100
homeDirectory: /home/staff/kbenson
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 3
userPassword: {CRYPT}*
uid: kbenson
####
Let me know if there's anything else you would like to see...
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
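
Added example (not part of the original post and not FreeRADIUS code): an offline walk-through of the two lookups the config above relies on, the user search with filter (mail=%{User-Name}) and the groupOfNames branch of groupmembership_filter that decides Ldap-Group == "NetworkAccessWireless". Assumptions: the function names are hypothetical, the mail value is a constructed placeholder, and User-Name is escaped per RFC 4515 before it is substituted into the filter.

```python
import re

# Constructed sample: the group and user entries from the LDIF in the post,
# trimmed to the attributes the lookup uses; the mail value is a placeholder.
LDIF = """\
dn: cn=NetworkAccessWireless,dc=sd57,dc=bc,dc=ca
objectClass: groupOfNames
member: uid=kbenson,ou=techstaff,dc=sd57,dc=bc,dc=ca
cn: NetworkAccessWireless

dn: uid=kbenson,ou=techstaff,dc=sd57,dc=bc,dc=ca
mail: kbenson@example.org
"""

def parse_ldif(text):
    """Return one dict per entry: lower-cased attribute name -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry.setdefault(name.lower(), []).append(value)
        entries.append(entry)
    return entries

def escape_filter_value(value):
    """RFC 4515 escaping so filter metacharacters in a value stay literal."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def matches(entry, attr, assertion):
    """Case-insensitive match for (attr=assertion); an unescaped * is a wildcard."""
    tokens = re.split(r"(\*|\\[0-9a-fA-F]{2})", assertion)
    rx = "".join(
        ".*" if t == "*"
        else re.escape(chr(int(t[1:], 16))) if re.fullmatch(r"\\[0-9a-fA-F]{2}", t)
        else re.escape(t)
        for t in tokens)
    return any(re.fullmatch(rx, v, re.I) for v in entry.get(attr, []))

def authorize(entries, user_name, group="NetworkAccessWireless"):
    """Step 1: (mail=User-Name) -> user DN. Step 2: is that DN a member of group?"""
    mail = escape_filter_value(user_name)
    users = [e for e in entries if matches(e, "mail", mail)]
    if len(users) != 1:          # no match or an ambiguous match: reject
        return None
    member = escape_filter_value(users[0]["dn"][0])
    in_group = any(matches(e, "objectclass", "groupOfNames") and matches(e, "cn", group)
                   and matches(e, "member", member) for e in entries)
    return users[0]["dn"][0] if in_group else None
```

authorize() returns the user's DN only when exactly one entry matches the mail filter and that DN is listed as a member of the named group; anything else returns None.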