Freeradius and OpenLDAP certificates
Stefan Kania
stefan at kania-online.de
Tue Oct 3 14:05:30 UTC 2023
Hi to all,
I'm new to Freeradius, but not new to OpenLDAP.
I got Freeradius running with ldap-connection and
Kerberos-authentication for searching the LDAP-tree.
Authentication with radtest and an LDAP user is working:
------------
radtest u1-verw geheim 192.168.56.47 1812 Passw0rd
Sent Access-Request Id 23 from 0.0.0.0:50791 to 192.168.56.47:1812 length 77
User-Name = "u1-verw"
User-Password = "geheim"
NAS-IP-Address = 192.168.56.47
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "geheim"
Received Access-Accept Id 23 from 192.168.56.47:1812 to 192.168.56.47:50791 length 20
------------
I don't want to use MySQL; instead I would like to use OpenLDAP.
Starting with OpenLDAP 2.5 you can create and manage user and host
certificates with the overlay "autoca". You can copy your own CA and the
key into OpenLDAP and then let OpenLDAP create the certificate and the
key for users and hosts. The certificate will be stored in the attributes
userCertificate;binary and userPrivateKey;binary. The certificate is in
DER format. I now would like to use the certificates from OpenLDAP for
authentication.
How can I use certificates located in OpenLDAP for user and host
authentication?
Stefan