h1. Parametrage Tips: http://blog.clemanet.com/freeradius-et-openldap/ == Installation freeradius et openldap == 
 # apt-get install freeradius freeradius-ldap slapd ldap-utils
== Ajout du schema radius dans le ldap == 
# cp /usr/share/doc/freeradius/examples/openldap.schema /etc/ldap/schema/radius.schema
# echo "include /etc/ldap/schema/radius.schema" > /tmp/schema-convert
# mkdir /tmp/ldap_schema && slaptest -f /tmp/schema-convert -F /tmp/ldap_schema
Ouvrir le fichier @/tmp/ldap_schema/cn=config/cn=schema/cn={0}radius.ldif@ et remplacer: 
  dn: cn={0}radius
    objectClass: olcSchemaConfig
    cn: {0}radius
par: 
  dn: cn=radius,cn=schema,cn=config
    objectClass: olcSchemaConfig
    cn: radius
Puis supprimer les lignes suivantes à la fin du fichier: 
  structuralObjectClass: olcSchemaConfig
  entryUUID: d3f8dbfa-297a-1031-9222-176c711ae4e0
  creatorsName: cn=config
  createTimestamp: 20120503144845Z
  entryCSN: 20120503144845.283270Z#000000#000#000000
  modifiersName: cn=config
  modifyTimestamp: 20120503144845Z

# ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/ldap_schema/cn\=config/cn\=schema/cn\=\{0\}radius.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=radius,cn=schema,cn=config"
== Configuration du module ldap == Editer /etc/freeradius/modules/ldap server = "127.0.0.1" identity = "cn=admin,dc=entrouvert,dc=org" password = motdepassecomplique basedn = "dc=entrouvert,dc=org" filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" dictionary_mapping = ${confdir}/ldap.attrmap Activation de ldap pour l’authentification Dans le fichier /etc/freeradius/sites-available/default: Section authorize { ... ldap ... } puis authenticate { ... Auth-Type LDAP { ldap } ... } h2. Tester la connexion Arrêter le serveur: 
   # service freeradius stop
Lancer le serveur en mode debug: 
# freeradius -X
Vérifier si le serveur répond bien: 
radtest   127.0.0.1 1 testing123
par exemple: 
# radtest 99c543e03c1649de87de47044c86cce3 fef3db94593e4944a8b2cf103b890ea8  127.0.0.1 1 testing123
Sending Access-Request of id 98 to 127.0.0.1 port 1812
	User-Name = "99c543e03c1649de87de47044c86cce3"
	User-Password = "fef3db94593e4944a8b2cf103b890ea8"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 1
	Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=98, length=20