About configuration and high availability

Marcos Renato da Silva Junior marcosjr at dee.feis.unesp.br
Fri Sep 7 14:44:10 CEST 2018


I created a testing environment based on two Raspberry Pi (attached 
diagram), in my tests it has worked well, following the documentation I 
changed the configuration filesthe least possible, as I have a file 
server (Samba) and to maintain compatibility with Windows my Openldap 
has the userPassword, sambaLMPassword and sambaNTPassword attributes 
(managed by Smbldap-tools), allowing the operation of PEAP/MSCHAPV2, 
PEAP/GTC and TTLS/PAP, on high availability I am using Corosync / 
Pacemaker, it works but this is the best way to do things ?


Marcos Renato.

*/etc/freeradius/3.0/mods-available/ldap :*

ldap {
     server = 'rasp4.acme.lab'
     identity = 'cn=admin,dc=acme,dc=lab'
     password = password
     base_dn = 'dc=acme,dc=lab'
     tls {
         start_tls = yes
         ca_file    = ${certdir}/cacert.pem
         require_cert    = 'demand'

*/etc/freeradius/3.0/mods-available/ldap :*

     update {
                 control:NT-Password             := 'sambaNTPassword'
                 control:LM-Password             := 'sambaLMPassword'

*/etc/freeradius/3.0/clients.conf :*

client ap1 {
         ipaddr      =
         secret      = password

*/etc/freeradius/3.0/radiusd.conf :*

log {
     auth = yes
proxy_requests  = no
#$INCLUDE proxy.conf


Marcos Renato da Silva Junior
Universidade Estadual Paulista - Unesp
Faculdade de Engenharia de Ilha Solteira - FEIS
Departamento de Engenharia Elétrica
15385-000 - Ilha Solteira/SP
(18) 3743-1164

More information about the Freeradius-Users mailing list