Florin Andrei wrote:
> To be more precise, authentication happens during the LDAP Bind request.
> Subsequent searches are irrelevant.
> Can freeradius do the same? I.e., wait for a username / password request
> from a client, bind to the LDAP server using the supplied password (and
> passing the username with the DN line) and report success/failure to the
> Radius client based on the success/failure of the LDAP Bind transaction.
Yes. Please check out
http://vuksan.com/linux/dot1x/802-1x-LDAP.html#Set_up_FreeRADIUS
The only difference in the config for you is that you will exclude the following
two lines
identity = "uid=onex,cn=users,dc=cs,dc=school,dc=edu"
password = "oursecret"
i.e.
ldap ldap_1x {
server = "ldap1.cs.school.edu"
basedn = "dc=cs,dc=school,dc=edu"
base_filter = "(objectclass=radiusprofile)"
start_tls = yes
# This is your Certificate Authority (CA) certificate
tls_cacertfile = /etc/ldap/csca.crt
tls_require_cert = "demand"
access_attr = "radiusFilterId"
dictionary_mapping = ${raddbdir}/ldap.attrmap
authtype = ldap
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
}
Hope this helps,
Vladimir
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
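As an added illustration (not part of Vladimir's reply and not FreeRADIUS code), the bind-as-user flow the thread describes, written in Python against a constructed in-memory stand-in for the LDAP server so it runs offline: look the user up under `basedn` with an escaped `(uid=...)` filter, then do a simple bind with the DN found and the password the RADIUS client supplied. The DNs, base DN, users and passwords are made up; the `FakeDirectory` class and the `authenticate` function are assumptions for this example. Two checks are included that a real deployment must not skip: the username is escaped per RFC 4515 before it goes into the search filter, and an empty password is rejected before Bind, because an LDAP server may treat a Bind with an empty password as an anonymous (unauthenticated) bind and return success.

```python
"""Bind-as-user authentication flow, modelled on what the thread describes.

Constructed example: the directory contents and DNs below are made up.
"""
import hmac
import re


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515, section 3).

    Without this, a username containing '*', '(' ')' or '\\' rewrites the filter
    instead of being matched literally.
    """
    out = []
    for ch in value:
        if ch in '\\*()' or ch == '\x00':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)


class FakeDirectory:
    """Constructed stand-in for an LDAP server (assumption for this example).

    A real deployment talks LDAP over TLS, as the thread's start_tls config does;
    this class exists only so the flow below can run without a server.
    """

    def __init__(self, entries):
        # dn -> {"uid": ..., "userPassword": ...}
        self._entries = entries

    def search(self, basedn, ldap_filter):
        """Mimic a subtree search for a single '(uid=<value>)' filter; return DNs."""
        m = re.fullmatch(r'\(uid=([^()]*)\)', ldap_filter)
        if m is None:
            # A malformed or injected filter is an error, not a silent miss.
            raise ValueError('unsupported filter: ' + ldap_filter)
        wanted = m.group(1)
        return [dn for dn, attrs in self._entries.items()
                if dn.endswith(basedn)
                and escape_filter_value(attrs['uid']) == wanted]

    def bind(self, dn, password):
        """Simple bind. Mirrors a server that accepts an empty password as an
        unauthenticated (anonymous) bind, RFC 4513 section 5.1.2: it 'succeeds'
        without proving anything about the DN."""
        if password == '':
            return True
        entry = self._entries.get(dn)
        if entry is None:
            return False
        return hmac.compare_digest(entry['userPassword'].encode(),
                                   password.encode())


def authenticate(directory, basedn, username, password):
    """Return True only if the username resolves to exactly one DN and a simple
    bind with the supplied password succeeds.

    Order of operations matches the thread: search first (anonymously, since no
    identity/password is configured for the search connection), then Bind as
    the user; subsequent searches play no part in the decision.
    """
    if not password:
        # Never hand an empty password to Bind: the server may answer 'success'
        # for an anonymous bind and the user would be accepted without a password.
        return False
    dns = directory.search(basedn, '(uid=%s)' % escape_filter_value(username))
    if len(dns) != 1:
        return False
    return directory.bind(dns[0], password)


# Constructed sample directory; names and passwords are made up.
BASEDN = 'dc=cs,dc=school,dc=edu'
SAMPLE = FakeDirectory({
    'uid=alice,cn=users,dc=cs,dc=school,dc=edu':
        {'uid': 'alice', 'userPassword': 'correct-horse-battery'},
    'uid=bob,cn=users,dc=cs,dc=school,dc=edu':
        {'uid': 'bob', 'userPassword': 'staple-lambda-9'},
})


if __name__ == '__main__':
    for user, pw in [('alice', 'correct-horse-battery'), ('alice', 'wrong'),
                     ('alice', ''), ('x)(uid=admin', 'anything')]:
        print(repr(user), '->', 'Access-Accept' if
              authenticate(SAMPLE, BASEDN, user, pw) else 'Access-Reject')
```

Note that `SAMPLE.bind(dn, '')` returns True while `authenticate(..., 'alice', '')` returns False: the empty-password check has to live in the caller, because the server's answer alone is not a reliable verdict. Likewise `x)(uid=admin` is turned into `x\29\28uid=admin` by `escape_filter_value`, so it is looked up as a literal (non-existent) uid rather than changing the filter's structure.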