Secure FreeRADIUS & LDAP

John Dennis jdennis at redhat.com
Fri Feb 20 14:53:30 CET 2009


Dan Hawker wrote:
> Hi All,
>
> I used to use FreeRADIUS *years* back (iirc pre v1) on Linux and it
> worked rather well :)
>
> Not touched it since, however have just started a new contract and
> there is a requirement to use a RADIUS server to connect to our LDAP
> box (Red Hat Dir Server) to in turn authenticate some users/equipment
> that can't auth directly, but due to the nature of the environment,
> all datastores and comms have to be secured/encrypted.
>
> As the host will be RHEL5, FreeRADIUS would seem the ideal candidate
> (comes with it, although a rather ancient 1.1.3 version by default,
> can upgrade if needed), however before I start installing and testing,
> wondered whether it will satisfy the secure part of the requirements.
>   
Yes, the FreeRADIUS version on RHEL5 is quite old. We're working to get
a current version into the next RHEL update; until such time you can
build and install the latest (2.1.3) by following instructions here:

http://wiki.freeradius.org/Red_Hat_FAQ

> So... My questions...
> # Can freeradius talk to the ldap box using TLS/SSL (ldaps)
>   
yes
> # Can freeradius read hashed credentials from the LDAP store and then
> actually use them???
>   
yes
> # There may be a requirement to use certificates for auth, can the
> ldap/freeradius module handle certs???
>   
yes
> Am sure there will be other issues/questions but until then.
>
> TIA
>
> Dan
>   
-- 
John Dennis <jdennis at redhat.com>
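
To illustrate the "hashed credentials" answer above, here is an added example (not part of the original post, and not FreeRADIUS code) of how a salted-hash `userPassword` value of the kind an LDAP directory stores is checked against a submitted password. The check needs the cleartext candidate, so it only works for methods that deliver the password to the server, such as PAP, ideally inside a TLS tunnel. The function names and the sample password and salt are constructed for the demo.

```python
import base64
import hashlib
import hmac
import os

# Scheme prefix -> (hash constructor, digest length in bytes).
SCHEMES = {
    "SHA": (hashlib.sha1, 20),        # unsalted
    "SSHA": (hashlib.sha1, 20),       # salted SHA-1
    "SSHA256": (hashlib.sha256, 32),
    "SSHA512": (hashlib.sha512, 64),
}


def make_ssha(password: bytes, salt: bytes = None) -> str:
    """Build a constructed {SSHA} value for the demo (not from a real directory)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_userpassword(stored: str, candidate: bytes) -> bool:
    """Check a cleartext candidate against a hashed userPassword value."""
    if not stored.startswith("{") or "}" not in stored:
        return False  # no scheme prefix: refuse rather than guess
    scheme, _, b64 = stored[1:].partition("}")
    scheme = scheme.upper()
    entry = SCHEMES.get(scheme)
    if entry is None:
        return False  # unknown scheme: fail closed
    hash_fn, digest_len = entry
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False  # malformed base64
    if len(raw) < digest_len:
        return False  # truncated value
    digest, salt = raw[:digest_len], raw[digest_len:]
    if scheme == "SHA" and salt:
        return False  # unsalted scheme must not carry trailing bytes
    # Stored layout is base64(H(password + salt) + salt); compare in constant time.
    return hmac.compare_digest(hash_fn(candidate + salt).digest(), digest)


if __name__ == "__main__":
    stored = make_ssha(b"s3cret-demo")  # constructed sample credential
    print(stored, verify_userpassword(stored, b"s3cret-demo"))
```
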

More information about the Freeradius-Users mailing list