LDAP authentication
Vladimir Vuksan
vlists at veus.hr
Wed Jul 13 03:48:59 CEST 2005
Florin Andrei wrote:
>To be more precise, authentication happens during the LDAP Bind request.
>Subsequent searches are irrelevant.
>
>Can freeradius do the same? I.e., wait for a username / password request
>from a client, bind to the LDAP server using the supplied password (and
>passing the username with the DN line) and report success/failure to the
>Radius client based on the success/failure of the LDAP Bind transaction.
>
>
Yes. Please check out
http://vuksan.com/linux/dot1x/802-1x-LDAP.html#Set_up_FreeRADIUS
The only difference in the config for you is that you will exclude the following
two lines
identity = "uid=onex,cn=users,dc=cs,dc=school,dc=edu"
password = "oursecret"
i.e.
ldap ldap_1x {
    server = "ldap1.cs.school.edu"
    basedn = "dc=cs,dc=school,dc=edu"
    base_filter = "(objectclass=radiusprofile)"
    start_tls = yes
    # This is your Certificate Authority (CA) certificate
    tls_cacertfile = /etc/ldap/csca.crt
    tls_require_cert = "demand"
    access_attr = "radiusFilterId"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    authtype = ldap
    ldap_connections_number = 5
    timeout = 4
    timelimit = 3
    net_timeout = 1
}
Hope this helps,
Vladimir
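The bind-as-user flow discussed in this thread (take the RADIUS username and password, build the user's DN under basedn, try an LDAP simple bind, and report the bind result to the RADIUS client) puts untrusted input into two places: the search filter and the DN. The following added example, which is not part of the post or of FreeRADIUS itself, shows the escaping both places need and the one check a bind-based authenticator must make before binding: refusing an empty password, because an LDAP server may treat a DN with an empty password as an anonymous bind that succeeds. The `bind` callable, the `SAMPLE_DIRECTORY` entries and the `sample_bind` helper are constructed stand-ins so the code runs offline; a real deployment would call an LDAP client library there.

```python
from typing import Callable

# RFC 4515: characters that must be hex-escaped inside a search filter value.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}

# RFC 4514: characters that must be backslash-escaped inside a DN value.
_DN_SPECIAL = set(',+"\\<>;=')


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use in a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")           # leading '#' would start a hex string
        elif ch == " " and i in (0, last):
            out.append("\\ ")           # leading/trailing spaces are significant
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def build_search_filter(base_filter: str, username: str) -> str:
    """Combine a base_filter such as "(objectclass=radiusprofile)" with the
    per-user match, escaping the username so it cannot alter the filter."""
    return f"(&{base_filter}(uid={escape_filter_value(username)}))"


def build_user_dn(basedn: str, username: str) -> str:
    """Build the DN the authenticator will bind as, e.g. uid=alice,dc=cs,..."""
    return f"uid={escape_dn_value(username)},{basedn}"


def authenticate(bind: Callable[[str, str], bool], basedn: str,
                 username: str, password: str) -> bool:
    """Bind-as-user authentication: success of the LDAP bind is the answer.

    `bind(dn, password)` is assumed to perform an LDAP simple bind and return
    True on success.  An empty password is refused before binding: RFC 4513
    allows a server to treat a DN with an empty password as an unauthenticated
    (anonymous) bind that succeeds, which would let an empty RADIUS password
    log in as any user.
    """
    if not username or not password:
        return False
    return bind(build_user_dn(basedn, username), password)


# Constructed sample directory so the example runs without an LDAP server.
SAMPLE_BASEDN = "dc=cs,dc=school,dc=edu"
SAMPLE_DIRECTORY = {
    "uid=alice,dc=cs,dc=school,dc=edu": "correct horse battery",
}


def sample_bind(dn: str, password: str) -> bool:
    """Stand-in for an LDAP simple bind against the constructed directory."""
    return SAMPLE_DIRECTORY.get(dn) == password


if __name__ == "__main__":
    print(build_search_filter("(objectclass=radiusprofile)", "alice"))
    print(authenticate(sample_bind, SAMPLE_BASEDN, "alice", "correct horse battery"))
    print(authenticate(sample_bind, SAMPLE_BASEDN, "alice", ""))
```

The empty-password check is the part worth carrying into any real authenticator: the search step only locates the DN, and, as the thread says, authentication is decided by the bind, so the bind must never be allowed to degrade into an anonymous one.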