ldap module for user and mac authentication

Dave Macias davama at gmail.com
Tue Aug 7 17:50:05 CEST 2018


So background of environment i am testing:

master (freeradius and openldap) server - which auths users and provides
other services
slave (freeradius and openldap) server - which replicates based off of
master and *only* auths macs

On the SLAVE, I am able to use the ldap module to auth a mac address
On the MASTER, i am also able to auth a mac but by doing something like the
links below:

Is there a way on the MASTER to use the ldap module to also auth macs? I
like the ability to add several ldap servers in conjunction with the
"do_not_respond" control policy.

Here is the changes i did on the ldap module to make it work for the SLAVE:
ldap {
server = 'localhost'
server = 'master-server'
base_dn = 'dc=myorg,dc=net'
user {
base_dn = "ou=%{config:local.BRN},ou=macs,${..base_dn}"
filter = "(cn=%{%{Stripped-User-Name}:-%{User-Name}})"

Hope this makes sense.
Any input will is appreciated.

Thank you,

More information about the Freeradius-Users mailing list