How to authenticate FreeRadius with OpneLdap



System Information:
IP Address of FreeRadius Server: 192.168.2.200
IP Address of FreeRAdius Client Server: 192.168.2.100
Install FreeRadius on Server:
yum install freeradius2 freeradius2-utils freeradius2-ldap

Download radius ldap schema file and copy to ldap schema directory
# wget http://open.rhx.it/phamm/schema/radius.schema
# cp radius.schema /etc/openldap/schema/

Include file in ldap configuration file /etc/openldap/slapd.conf
 
include /etc/openldap/schema/radius.schema

Edit /etc/raddb/modules/ldap and add below entry
 
vi /etc/raddb/modules/ldap
ldap {
        server = "ldap01.example.com"
        #identity = "cn=Manager,dc=example,dc=com"
        #password = password
        basedn = "dc=example,dc=com"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        base_filter = "(objectclass=posixAccount)"
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        ldap_connections_number = 5
        password_header = "{crypt}"
        password_attribute =User-Password
        timeout = 4
        timelimit = 3
net_timeout = 1
}

In /etc/raddb/ldap.attrmap add below entry
 
checkItem User-Password userPassword
replyItem Tunnel-Type radiusTunnelType
replyItem Tunnel-Medium-Type radiusTunnelMediumType
replyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId

Enable LDAP authentication in /etc/raddb/sites-available/inner-tunnel and /etc/raddb/sites-available/default by uncommenting below lines
 
Auth-Type LDAP {
ldap
}

Test setup by using below command
 
radtest ldapuser1 password 127.0.0.1 0 testing123

How to Add Clinets to Radius
 
vi /etc/raddb/clients.conf
client LinuxBox {
        ipaddr = 192.168.2.100
        secret = testing123$
        shortname = client1
}
 
Then restart the radius server
/etc/init.d/radiusd restart

Login to the server: 192.168.2.100
Issue the below command to test the authentication
 
radtest ldapuser1 password 192.168.2.200 1812 testing123$

Nhận xét

Bài đăng phổ biến