About configuration and high availability
Marcos Renato da Silva Junior
marcosjr at dee.feis.unesp.br
Fri Sep 7 14:44:10 CEST 2018
Hi,
I created a testing environment based on two Raspberry Pi (attached
diagram), in my tests it has worked well, following the documentation I
changed the configuration files the least possible, as I have a file
server (Samba) and to maintain compatibility with Windows my Openldap
has the userPassword, sambaLMPassword and sambaNTPassword attributes
(managed by Smbldap-tools), allowing the operation of PEAP/MSCHAPV2,
PEAP/GTC and TTLS/PAP, on high availability I am using Corosync /
Pacemaker, it works, but is this the best way to do things?
Thanks,
Marcos Renato.
*/etc/freeradius/3.0/mods-available/ldap :*
ldap {
    server = 'rasp4.acme.lab'
    identity = 'cn=admin,dc=acme,dc=lab'
    password = password
    base_dn = 'dc=acme,dc=lab'
    ...
    ...
    ...
    tls {
        start_tls = yes
        ca_file = ${certdir}/cacert.pem
        require_cert = 'demand'
    }
*/etc/freeradius/3.0/mods-available/ldap :*
update {
    control:NT-Password := 'sambaNTPassword'
    control:LM-Password := 'sambaLMPassword'
*/etc/freeradius/3.0/clients.conf :*
client ap1 {
    ipaddr = 192.168.0.1
    secret = password
}
*/etc/freeradius/3.0/radiusd.conf :*
log {
    auth = yes
...
...
...
proxy_requests = no
#$INCLUDE proxy.conf
diagram.jpg
--
Marcos Renato da Silva Junior
Universidade Estadual Paulista - Unesp
Faculdade de Engenharia de Ilha Solteira - FEIS
Departamento de Engenharia Elétrica
15385-000 - Ilha Solteira/SP
(18) 3743-1164
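
A small audit of the settings quoted in the message above, added here as an example and not part of the original post or of FreeRADIUS: it parses the nested "key = value" blocks and flags placeholder or short credentials and LDAP TLS settings that do not enforce certificate verification. The sample text, the deny-list and the 16-character minimum are assumptions made for this example.

```python
import re

# Constructed sample mirroring the excerpts in the post (placeholder values as posted).
SAMPLE = """
ldap {
    server = 'rasp4.acme.lab'
    password = password
    tls {
        start_tls = yes
        require_cert = 'demand'
    }
}
client ap1 {
    ipaddr = 192.168.0.1
    secret = password
}
"""
WEAK = {"password", "secret", "testing123", "changeme"}  # assumed deny-list
MIN_LEN = 16  # assumed local policy, not a FreeRADIUS requirement

def parse(text):
    """Flatten nested { } blocks into {'section.sub.key': value}."""
    path, out = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (a '#' inside a value is cut too)
        if line.endswith("{"):
            path.append(" ".join(line[:-1].split()))
        elif line == "}":
            if path:
                path.pop()
        else:
            m = re.match(r"([\w:.-]+)\s*(?::=|\+=|=)\s*(.*)$", line)
            if m:
                out[".".join(path + [m.group(1)])] = m.group(2).strip().strip("'\"")
    return out

def audit(text):
    """Return a list of findings for credentials and the LDAP TLS settings."""
    cfg, findings = parse(text), []
    for key, val in cfg.items():
        if key.rsplit(".", 1)[-1] in ("secret", "password"):
            if val.lower() in WEAK or len(val) < MIN_LEN:
                findings.append(f"{key}: placeholder or short credential")
    if "ldap.server" in cfg:
        ldaps = cfg["ldap.server"].startswith("ldaps://")
        if not ldaps and cfg.get("ldap.tls.start_tls") != "yes":
            findings.append("ldap.tls.start_tls: bind password sent without StartTLS")
        if cfg.get("ldap.tls.require_cert") != "demand":
            findings.append("ldap.tls.require_cert: server certificate not strictly verified")
    return findings
```

On the constructed sample, audit(SAMPLE) reports the two "password" placeholders and nothing for TLS, since start_tls and require_cert are already set as in the post.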