How to authenticate FreeRADIUS with OpenLDAP
System information:
IP address of the FreeRADIUS server: 192.168.2.200
IP address of the FreeRADIUS client server: 192.168.2.100
Install FreeRADIUS on the server:
yum install freeradius2 freeradius2-utils freeradius2-ldap
Download the RADIUS LDAP schema file and copy it to the LDAP schema directory:
# wget http://open.rhx.it/phamm/schema/radius.schema
# cp radius.schema /etc/openldap/schema/
Include the schema in the LDAP configuration file /etc/openldap/slapd.conf:
include /etc/openldap/schema/radius.schema
Edit /etc/raddb/modules/ldap and add the following entry:
vi /etc/raddb/modules/ldap
ldap {
    server = "ldap01.example.com"
    # identity/password stay commented out, so FreeRADIUS binds to LDAP anonymously
    #identity = "cn=Manager,dc=example,dc=com"
    #password = password
    basedn = "dc=example,dc=com"
    # look the user up by uid, using the realm-stripped name when one is present
    filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    base_filter = "(objectclass=posixAccount)"
    # no STARTTLS: LDAP traffic, including the userPassword value, is sent in the clear
    start_tls = no
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    # header prefixed to the stored password hash in the directory
    password_header = "{crypt}"
    password_attribute = User-Password
    timeout = 4
    timelimit = 3
    net_timeout = 1
}
In /etc/raddb/ldap.attrmap add the following entries:
checkItem User-Password userPassword
replyItem Tunnel-Type radiusTunnelType
replyItem Tunnel-Medium-Type radiusTunnelMediumType
replyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId
Enable LDAP authentication in /etc/raddb/sites-available/inner-tunnel and /etc/raddb/sites-available/default by uncommenting the following lines:
Auth-Type LDAP {
    ldap
}
Test the setup with the following command:
radtest ldapuser1 password 127.0.0.1 0 testing123
How to add clients to RADIUS
vi /etc/raddb/clients.conf
client LinuxBox {
    ipaddr = 192.168.2.100
    secret = testing123$
    shortname = client1
}
Then restart the RADIUS server:
/etc/init.d/radiusd restart
Log in to the client server 192.168.2.100.
Issue the following command to test the authentication:
radtest ldapuser1 password 192.168.2.200 1812 testing123$