ldap
    Julian Macassey
    julian at tele.com
    Mon Jun 24 20:22:13 CEST 2013

On 2013-06-24 at 18:38, A.L.M.Buxey at lboro.ac.uk (A.L.M.Buxey at lboro.ac.uk) wrote:
> Hi,
> 
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> > ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1812
> 
> you see this - TCP
> 
> read a little about RADIUS it uses UDP
> 
> change your rule to allow UDP port 1812
	I had it wide open. Someone suggested I add the tcp above.
Now I have iptables wide open:
iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
-----
> 
> > # radtest evergreen at plumgrid.com "Y0V2T2VAKI" 192.168.10.14 0 d1sc0verplum
> > 
> > 	Is not sending my radius request to the ldap server
> > (192.168.10.14)?
> 
> well, it is....but there is NOTHING an LDAP server can do with a RADIUS request.
	I get that. What I want the RADIUS server to do is query
the LDAP server, rather than say a database or the
/etc/freeradius/users file.
> 
> you send RADIUS requests to a RADIUS server....the RADIUS server will then
> open up required connections to backend systems (eg LDAP to an LDAP
> server, SQL to an SQL server etc) to deal with AAA requirements.
	Yes, I get that. I am trying to prove via radtest that
the radius server can authenticate to the radius server, just as
the users file can authenticate to the radius server.
> 
> I don't use HTTP to talk to an SSH server
	
	Neither do I.
> 
> > 	In which case, how do I test that freeradius is working
> > with ldap?
> 
> you fire a RADIUS authentication against the RADIUS server
> 
> radtest username password radius-server port secret
	
> 
> > 	Does this mean I need to set up say a WiFi router to use
> > WPA2 Enterprise and send auth requests to the radius server and
> > then the radius server passes requests to the ldap server. This
> 
> yes.
	So, I can run radtest only using credentials in
/etc/freeradius/users?
-- 
"They: The makers of the Constitution: conferred, as against the government,
the right to be let alone -- the most comprehensive of rights and the right
most valued by civilized men." - Justice Louis D. Brandeis 
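
The TCP-versus-UDP point raised in the thread, as an added example that is not part of either poster's message: a check that reads `iptables -L -n` text and reports what the INPUT chain does with UDP port 1812. The function and sample names are hypothetical and both listings are constructed; it goes beyond the thread's policy-ACCEPT case to show a default-DROP chain, where a TCP-only rule leaves RADIUS blocked.

```shell
# Added example. Reads `iptables -L -n` text on stdin and reports what the
# INPUT chain does with RADIUS authentication traffic (UDP port 1812).
# Assumption: only 0.0.0.0/0 rules count; other match conditions are skipped.
radius_udp_verdict() {
    awk '
    $1 == "Chain" {                      # e.g. "Chain INPUT (policy ACCEPT)"
        chain = $2
        if (chain == "INPUT") { policy = $4; sub(/\)$/, "", policy) }
        next
    }
    chain != "INPUT" || $1 == "target" || NF < 5 { next }
    $4 != "0.0.0.0/0" || $5 != "0.0.0.0/0" { next }
    {
        extras = ""
        for (i = 6; i <= NF; i++) extras = extras (i > 6 ? " " : "") $i
        sub(/ ?reject-with [^ ]+$/, "", extras)
        if ($2 == "tcp" && extras == "tcp dpt:1812") tcp_rule = 1  # never matches UDP
        if (via == "" && $1 ~ /^(ACCEPT|DROP|REJECT)$/ &&
            ((extras == "" && ($2 == "udp" || $2 == "all")) ||
             ($2 == "udp" && extras == "udp dpt:1812"))) {
            verdict = $1; via = "rule"   # first terminating match wins
        }
    }
    END {
        if (via == "") { verdict = policy; via = "policy" }
        printf "%s via=%s tcp1812_rule=%s\n", verdict, via, (tcp_rule ? "yes" : "no")
    }'
}

# Constructed sample: the TCP rule from the thread under a default-DROP policy.
sample_tcp_rule_default_drop() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1812
EOF
}
# Constructed sample: the same policy with the rule changed to UDP.
sample_udp_rule_default_drop() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:1812
EOF
}

sample_tcp_rule_default_drop | radius_udp_verdict
sample_udp_rule_default_drop | radius_udp_verdict
```

On a live host the same function can be fed with `iptables -L -n | radius_udp_verdict`.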
    
    