h1. Parametrage Tips: http://blog.clemanet.com/freeradius-et-openldap/ == Installation freeradius et openldap ==
# apt-get install freeradius freeradius-ldap slapd ldap-utils== Ajout du schema radius dans le ldap ==
# cp /usr/share/doc/freeradius/examples/openldap.schema /etc/ldap/schema/radius.schema # echo "include /etc/ldap/schema/radius.schema" > /tmp/schema-convert # mkdir /tmp/ldap_schema && slaptest -f /tmp/schema-convert -F /tmp/ldap_schemaOuvrir le fichier @/tmp/ldap_schema/cn=config/cn=schema/cn={0}radius.ldif@ et remplacer:
dn: cn={0}radius objectClass: olcSchemaConfig cn: {0}radiuspar:
dn: cn=radius,cn=schema,cn=config objectClass: olcSchemaConfig cn: radiusPuis supprimer les lignes suivantes à la fin du fichier:
structuralObjectClass: olcSchemaConfig entryUUID: d3f8dbfa-297a-1031-9222-176c711ae4e0 creatorsName: cn=config createTimestamp: 20120503144845Z entryCSN: 20120503144845.283270Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20120503144845Z
# ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/ldap_schema/cn\=config/cn\=schema/cn\=\{0\}radius.ldif SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 adding new entry "cn=radius,cn=schema,cn=config"== Configuration du module ldap == Editer /etc/freeradius/modules/ldap server = "127.0.0.1" identity = "cn=admin,dc=entrouvert,dc=org" password = motdepassecomplique basedn = "dc=entrouvert,dc=org" filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" dictionary_mapping = ${confdir}/ldap.attrmap Activation de ldap pour l’authentification Dans le fichier /etc/freeradius/sites-available/default: Section authorize { ... ldap ... } puis authenticate { ... Auth-Type LDAP { ldap } ... } h2. Tester la connexion Arrêter le serveur:
# service freeradius stopLancer le serveur en mode debug:
# freeradius -XVérifier si le serveur répond bien:
radtestpar exemple:127.0.0.1 1 testing123
# radtest 99c543e03c1649de87de47044c86cce3 fef3db94593e4944a8b2cf103b890ea8 127.0.0.1 1 testing123 Sending Access-Request of id 98 to 127.0.0.1 port 1812 User-Name = "99c543e03c1649de87de47044c86cce3" User-Password = "fef3db94593e4944a8b2cf103b890ea8" NAS-IP-Address = 127.0.1.1 NAS-Port = 1 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=98, length=20