Authentication with ldap support

Michael Schwartzkopff ms at sys4.de
Tue Mar 30 12:39:47 CEST 2021


On 30.03.21 12:25, Marco Miglietta wrote:
> Thank you Alan. I hope in a short time to become a little expert with
> freeradius while I try to solve daily problems.
> I would like to use freeradius for authentication and only to verify the user
> password against the one that is in the external ldap that I bind to.
> Where do I have to operate, what are the involved config files?
> Do you have any suggestions?
> Thank you v.m.
>
> Marco.
>
Hi,


freeradius has a nice LDAP module. Please read the comments in the
config file. Then try an ldapsearch manually. If that succeeds, you know
all parameters that you have to configure in the ldap module of freeradius.

Doc also:
https://networkradius.com/doc/3.0.10/raddb/mods-available/ldap.html


Greetings,


Michael


>
>
> On 24/03/21 12:39, Alan DeKok wrote:
>> On Mar 24, 2021, at 7:15 AM, Marco Miglietta
>> <marco.miglietta at unisalento.it> wrote:
>>> In order to solve the problem in passing VLAN related attribute
>>> during 802.1x authentication with Aruba AP, I found the post below
>>> useful.
>>> But this caused problems with VLAN assignment on Junipers switches
>>> during the 802.1x authentication process.
>>> What is a way to solve the problem? The solutions seem to be
>>> mutually exclusive.
>>    There is not a unique "the problem" which is being solved. 
>> Instead, there is a whole grab-bag of issues.
>>
>>    IF you want to apply policies based on "real" name, THEN for PEAP
>> / TTLS, that real name is only available in the inner tunnel.  AND
>> THEN you have to apply the policies in the inner tunnel, and then
>> copy the results to the outer reply.
>>
>>    IF you want to apply policies based on things like MAC addresses,
>> THEN those addresses are always available (you don't need
>> inner-tunnel). AND THEN you can just apply policies in the "default"
>> outer virtual server.
>>
>>    There is no "magic set of incantations" which will make FreeRADIUS
>> do what you want.  You have to understand what's going on, including
>> understanding how FreeRADIUS works.  And only then can you configure
>> the server to do it.
>>
>>    Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>

Kind regards,

-- 

[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the Supervisory Board: Florian Kirstein
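
The step suggested in the reply above (get a manual ldapsearch working, then carry its parameters into the ldap module), as an added example that is not part of the original message or of the FreeRADIUS project. The function name ldapsearch_to_radius is hypothetical, the host and DNs are constructed, and it assumes a FreeRADIUS version whose ldap module accepts an LDAP URI in "server".

```shell
#!/bin/sh
# Added example: pass the options of a working ldapsearch test and get the
# matching mods-available/ldap stanza. Manual test it mirrors (constructed values):
#   ldapsearch -x -ZZ -H ldap://ldap.example.org -D "cn=radius,dc=example,dc=org" \
#       -W -b "ou=people,dc=example,dc=org" "(uid=alice)"

ldapsearch_to_radius() (
    OPTIND=1; uri=; bind_dn=; base_dn=; start_tls=no
    while getopts "xWZH:D:b:" opt; do
        case $opt in
            H) uri=$OPTARG ;;        # -H URI      -> server
            D) bind_dn=$OPTARG ;;    # -D bind DN  -> identity
            b) base_dn=$OPTARG ;;    # -b base     -> base_dn
            Z) start_tls=yes ;;      # -Z / -ZZ    -> tls { start_tls }
            x|W) ;;                  # simple bind, password prompted: nothing to copy
            *) exit 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    filter=${1:-}
    # Only a simple "(attr=value)" test filter is translated; reject the rest.
    case $filter in
        "(&"*|"(|"*|"(!"*|*")("*) echo "unsupported filter: $filter" >&2; exit 2 ;;
        "("?*=?*")") ;;
        *) echo "unsupported filter: $filter" >&2; exit 2 ;;
    esac
    [ -n "$uri" ] && [ -n "$base_dn" ] || { echo "need -H and -b" >&2; exit 2; }
    attr=${filter#"("}; attr=${attr%%=*}
    # The test user name is replaced by the User-Name from the RADIUS request.
    cat <<EOF
ldap {
    server = '$uri'
    identity = '$bind_dn'
    password = 'REPLACE_WITH_BIND_PASSWORD'
    base_dn = '$base_dn'
    user {
        base_dn = "\${..base_dn}"
        filter = "($attr=%{%{Stripped-User-Name}:-%{User-Name}})"
    }
    tls {
        start_tls = $start_tls
    }
}
EOF
)

ldapsearch_to_radius -x -ZZ -H ldap://ldap.example.org \
    -D "cn=radius,dc=example,dc=org" -W -b "ou=people,dc=example,dc=org" "(uid=alice)"
```

The bind password is never taken from the command line; fill in the placeholder in the config file itself and keep that file readable only by the RADIUS user.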


