freeRADIUS + Openldap with TLS [sec=unclassified]

Ranner, Frank MR Frank.Ranner at defence.gov.au
Tue Oct 30 03:52:02 CET 2007


	    Yes. eap.conf is part of radiusd.conf.
	But I can not find a variable to set key-file-password in
rlm_ldap section.
	 
	 
	 # Lightweight Directory Access Protocol (LDAP)
	 ldap {
	  server = "ldap.your.domain"
	  # identity = "cn=admin,o=My Org,c=UA"
	  # password = mypass
	  basedn = "o=My Org,c=UA"
	  filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
	  # base_filter = "(objectclass=radiusprofile)"
	  # set this to 'yes' to use TLS encrypted connections
	  # to the LDAP database by using the StartTLS extended
	  # operation.
	  # The StartTLS operation is supposed to be used with normal
	  # ldap connections instead of using ldaps (port 636) connections
	  start_tls = no
	  # tls_cacertfile = /path/to/cacert.pem
	  # tls_cacertdir  = /path/to/ca/dir/
	  # tls_certfile  = /path/to/radius.crt
	  # tls_keyfile  = /path/to/radius.key
	  # tls_randfile  = /path/to/rnd
	  # tls_require_cert = "demand"
	  # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
	  # profile_attribute = "radiusProfileDn"
	  access_attr = "dialupAccess"
	 
	 
So use openssl to remove the password from the key and put the key in a
secure directory. The key itself should have 400 permissions and be owned
by the ldap user. What's the problem?

Regards, 
Frank Ranner
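
The step described in the reply above, as an added example that is not part of the original message: strip the passphrase from a PEM key with `openssl pkey`, set mode 400, and verify the result before pointing `tls_keyfile` at it. The function names, file names, the `KEY_PASS` variable and the optional owner argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: remove the passphrase from a PEM private key and lock the
# result down to mode 400. All names here are assumptions, not project code.

# strip_key_passphrase ENCRYPTED_KEY CLEAR_KEY [OWNER]
# The passphrase comes from the exported variable KEY_PASS so that it never
# appears on a command line visible in the process list.
strip_key_passphrase() {
    src=$1 dst=$2 owner=${3:-}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    [ -n "${KEY_PASS:-}" ] || { echo "KEY_PASS not set" >&2; return 1; }
    (
        umask 077    # the clear key is never group- or world-readable
        openssl pkey -in "$src" -passin env:KEY_PASS -out "$dst"
    ) || { rm -f "$dst"; return 1; }
    chmod 400 "$dst" || return 1
    # chown needs root; OWNER is the account that must read the key
    if [ -n "$owner" ]; then chown "$owner" "$dst" || return 1; fi
    key_is_clear "$dst" && key_mode_is_400 "$dst"
}

# True when the PEM file parses and carries no encryption header.
key_is_clear() {
    ! grep -q ENCRYPTED "$1" &&
        openssl pkey -in "$1" -noout </dev/null 2>/dev/null
}

# True when the file is readable by its owner only (mode 400).
key_mode_is_400() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-r--------" ]
}

# Constructed sample input: a throwaway RSA key encrypted with a made-up
# passphrase, so the example runs offline.
make_sample_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass pass:constructed-pass -out "$1" 2>/dev/null
}

# Run as "sh script.sh demo" to exercise the functions on the sample key.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    make_sample_key "$tmp/radius.enc.key"
    KEY_PASS=constructed-pass; export KEY_PASS
    strip_key_passphrase "$tmp/radius.enc.key" "$tmp/radius.key" &&
        ls -l "$tmp/radius.key"
    rm -rf "$tmp"
fi
```

An unencrypted key is protected only by its file permissions and the directory it sits in, which is why the function fails unless the final mode check passes.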




