Freeradius LDAP at RHEL 5.1
Renato Gregio de Souza Filho
renatogsf at email.peixoto.com.br
Thu Jan 17 20:29:52 CET 2008
Hi all,
I'm trying to configure FreeRADIUS to authenticate against an LDAP database. I have little knowledge of FreeRADIUS and need help :) ...
What do I need to do to configure FreeRADIUS correctly so that it authenticates against the LDAP database? How can I test it?
Today I have the following in my LDAP directory: the tree root, an OU, and an example user:
#######################################################################
dn: dc=peixotoradius,dc=com,dc=br
objectClass: top
objectClass: dcObject
objectClass: organization
o: Peixoto
dc: peixotoradius
dn: ou=usuarios,dc=peixotoradius,dc=com,dc=br
objectClass: top
objectClass: organizationalUnit
ou: usuarios
# Example user entry that FreeRADIUS is expected to authenticate.
dn: uid=1015,ou=Usuarios,dc=peixotoradius,dc=com,dc=br
uid: 1015
cn: 1015
# Password stored under the {crypt} scheme; the "$1$" prefix marks an MD5-crypt hash.
# NOTE(review): this hash is now in a public list archive, so the password behind it
# should be treated as exposed and changed.
userPassword: {crypt}$1$1gLC/3mY$aEsZ9ckW6FvyNkUrWDtv0.
# NOTE(review): the entry's only objectClass is radiusObjectProfile, while base_filter in
# the radiusd.conf ldap section searches for objectclass=radiusprofile -- confirm the
# entry actually matches that search.
objectClass: radiusObjectProfile
#######################################################################
And in my /etc/raddb/radiusd.conf I have the following (the ldap section is at the end):
#######################################################################
# Global radiusd settings: install paths, run-time account, request limits,
# listener and logging options.
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = /usr/lib64
pidfile = ${run_dir}/radiusd.pid
# Account and group the server runs as.
user = radiusd
group = radiusd
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# "*" listens on every local address.
# NOTE(review): per the stock config comments, port = 0 means the port is looked up
# in /etc/services -- confirm which port the server actually binds.
bind_address = *
port = 0
hostname_lookups = no
# Core dumps stay off; a core file could contain secrets held in memory.
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
# Authentication requests are not logged at all with log_auth = no.
# NOTE(review): enabling log_auth records accept/reject decisions in radius.log, which
# helps both when testing this setup and when looking for password guessing. Keep
# log_auth_badpass / log_auth_goodpass at "no" so passwords never reach the log.
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
# User names and passwords are used as received: no lower-casing, no space stripping.
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
# Hardening limits applied to incoming requests and to rejects.
security {
# Upper bound on the number of attributes accepted in one packet.
max_attributes = 200
# Seconds to hold an Access-Reject before sending it; slows down password guessing.
reject_delay = 1
# Status-Server requests are not answered.
status_server = no
}
# Proxying is enabled; its settings live in the included proxy.conf.
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
# clients.conf lists the clients allowed to talk to this server and their shared secrets.
# NOTE(review): its contents are not shown here; a test client must have an entry in it,
# and the file should not be world-readable because it holds the secrets.
$INCLUDE ${confdir}/clients.conf
# SNMP support is switched off, although snmp.conf is still included.
snmp = no
$INCLUDE ${confdir}/snmp.conf
# Sizing of the worker pool that handles requests.
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
# NOTE(review): per the stock config comments, 0 means workers are never recycled -- confirm.
max_requests_per_server = 0
}
# Module instances. Declaring a module here only configures it.
# NOTE(review): the excerpt ends before this section is closed and shows no
# authorize/authenticate sections; presumably ldap must also be listed there before the
# server will use it -- confirm against the rest of the file.
modules {
# PAP password checking, with stored passwords expected in crypt form.
pap {
encryption_scheme = crypt
}
chap {
authtype = CHAP
}
pam {
pam_auth = radiusd
}
# Local Unix accounts, read from /etc/shadow without caching.
unix {
cache = no
cache_reload = 600
shadow = /etc/shadow
radwtmp = ${logdir}/radwtmp
}
$INCLUDE ${confdir}/eap.conf
# LDAP module: how the server connects to the directory and finds the user entry.
ldap {
server = "localhost"
# Bind DN and password the server uses for its own searches.
# NOTE(review): the password sits in this file in cleartext, so radiusd.conf should be
# readable only by root and the radiusd account. The bind DN here is the directory
# admin; a dedicated read-only account would limit the damage if this file leaks.
identity = "cn=admin,dc=peixotoradius,dc=com,dc=br"
password = My_password
basedn = "dc=peixotoradius,dc=com,dc=br"
# The user name from the request is substituted into this search filter.
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
# NOTE(review): the example user entry carries objectClass radiusObjectProfile, not
# radiusprofile -- confirm that entry matches this filter.
base_filter = "(objectclass=radiusprofile)"
# No TLS on the LDAP connection. With server = "localhost" the traffic stays on the
# host; enable TLS if the directory is ever moved to another machine.
start_tls = no
# NOTE(review): the example user entry has no dialupAccess attribute; depending on
# access_attr_used_for_allow this may cause the user to be refused -- confirm.
access_attr = "dialupAccess"
dictionary_mapping = ${raddbdir}/ldap.attrmap
timeout = 4
timelimit = 3
net_timeout = 1
}
#######################################################################