guide on configuring freeradius 3 LDAP

Alan Buxey alan.buxey at gmail.com
Thu Jan 18 21:20:45 CET 2018


In V3 there are far fewer things to do to get LDAP integration working. As
Alan says, read the LDAP module, configure it. That's the basics and main
stuff done. You may need, depending on purpose/use, to edit the default
and/or inner-tunnel files (you'll see the places noting LDAP).

alan

On 18 Jan 2018 8:10 pm, "Douglas Ward" <douglas at ugutech.com> wrote:

> Thanks Alan, I’ll give that a go. I had gotten the impression that there
> were additional files to configure beyond the mods-available/ldap. I’ll
> report back.
>
> -- Douglas
>
>
> > On Jan 18, 2018, at 1:29 PM, Alan DeKok <aland at deployingradius.com> wrote:
> >
> >> On Jan 18, 2018, at 1:18 PM, Douglas C Ward <douglas at ugutech.com> wrote:
> >> I just joined the list recently, in hopes to get some help in
> >> configuring LDAP on my FreeRADIUS server. I have found a lot of
> >> documentation for FreeRADIUS v2, dating from 2011 and 2014, etc. But no
> >> clear step-by-step to enable LDAP for v3. My server is version 3.0.15. I
> >> have worked through the initial setup on the
> >> http://wiki.freeradius.org/guide/Getting-Started
> >> and was able to connect with “Access-Accept”. But now I want to connect an
> >> LDAP server (specifically, a VLDAP server from OneLogin). I have all their
> >> docs, and have all the base DN and Bind DN info. But the documentation at
> >> http://wiki.freeradius.org/modules/Rlm_ldap
> >> seems to “start in the middle” for me. It says you "can"…
> >>
> >> "To enable LDAP in your FreeRADIUS server, you can:
> >>
> >> • instantiate an ldap module - which sets up the server name, the base
> >>   DN, etc
> >> • authenticate using an ldap module instance - which makes the
> >>   FreeRADIUS server verify the user's identity in the LDAP directory,
> >>   usually involving some form of checking the validity of the password
> >> • authorize using an ldap module instance - which makes the FreeRADIUS
> >>   server verify the user's level of authorization in the LDAP directory,
> >>   usually involving verifying group membership or similar"
> >>
> >> … but I don’t have enough experience to evaluate those options, or know
> >> how to do any of them. So I am looking for a simple “how to enable LDAP on
> >> FreeRADIUS 3” that I can follow to get things working, and learn from
> >> there. Thank you.
> >
> >  Edit raddb/mods-available/ldap.  Configure it.
> >
> >  i.e. *read* the comments.  They tell you what the options do, and how
> >  they work.  Fill in the configuration as necessary.
> >
> >  Start the server in debug mode.  Send it a test packet using
> >  "radtest".  Use a name/password that's in LDAP.
> >
> >  If it gets Access-Accept, you're good!
> >
> >  If not, *read* the debug output to see what it's doing.  If you don't
> >  understand it, post it here.
> >
> >  It really is that simple.  The "radtest" example *should* work if the
> >  LDAP module (a) talks to the LDAP server, and (b) is configured to search
> >  the right part of the LDAP tree.
> >
> >  The default configuration is designed to work with minimal edits.  So
> >  do minimal edits, and it will work.
> >
> >  Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
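
The steps described in the thread, written out as a concrete sketch. This is an added example, not text from the thread or from the FreeRADIUS distribution; the host name, DNs, passwords and test user are placeholders, and the `user` filter and the `sites-available/default` fragment are assumptions about a stock v3.0 layout.

```conf
# Added sketch, not from the thread or the FreeRADIUS distribution.
# Host, DNs, passwords and the test user are placeholders.

# 1. raddb/mods-available/ldap: the items to fill in; leave the rest of the
#    shipped file as it is. The bind password sits here in clear text, so
#    keep the file readable only by the account radiusd runs as.
ldap {
	server   = 'ldap.example.org'
	identity = 'cn=radius-bind,dc=example,dc=org'
	password = 'BIND-PASSWORD'
	base_dn  = 'dc=example,dc=org'

	user {
		# Where and how to find the user object for the name in the request.
		base_dn = "${..base_dn}"
		filter  = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	}
}

# 2. Enable the module, run the server in debug mode, send a test packet
#    (testing123 is the shipped secret for the localhost client):
#
#      cd raddb && ln -s ../mods-available/ldap mods-enabled/ldap
#      radiusd -X
#      radtest USERNAME USER-PASSWORD localhost 0 testing123
#
# 3. raddb/sites-available/default, only if the directory will not hand a
#    password attribute to the bind DN, so the check has to be an LDAP bind
#    as the user (works for PAP requests such as radtest, not for EAP):
authorize {
	# ... existing entries ...
	-ldap
	if ((ok || updated) && User-Password) {
		update control {
			Auth-Type := LDAP
		}
	}
}
authenticate {
	# ... existing entries ...
	Auth-Type LDAP {
		ldap
	}
}
```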

