UNCLASSIFIED
> Config as requested - I did uncomment and configure the identity
> section
> - is this not required?
>
> ldap {
> #
> # Note that this needs to match the name in the LDAP
> # server certificate, if you're using ldaps.
> server = "localhost"
> identity = "cn=Administrator,dc=dxi,dc=net"
> password = trPic4n03
> basedn = "dc=dxi,dc=net"
> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> #base_filter = "(objectclass=radiusprofile)"
>
> # How many connections to keep open to the LDAP server.
> # This saves time over opening a new LDAP socket for
> # every authentication request.
> ldap_connections_number = 5
>
> # seconds to wait for LDAP query to finish. default: 20
> timeout = 4
>
> # seconds LDAP server has to process the query (server-side
> # time limit). default: 20
> #
> # LDAP_OPT_TIMELIMIT is set to this value.
> timelimit = 3
>
> #
> # seconds to wait for response of the server. (network
> # failures) default: 10
> #
> # LDAP_OPT_NETWORK_TIMEOUT is set to this value.
> net_timeout = 1
> tls {
> # Set this to 'yes' to use TLS encrypted connections
> # to the LDAP database by using the StartTLS extended
> # operation.
> #
> # The StartTLS operation is supposed to be
> # used with normal ldap connections instead of
> # using ldaps (port 689) connections
> start_tls = no
>
> # cacertfile = /path/to/cacert.pem
> # cacertdir = /path/to/ca/dir/
> # certfile = /path/to/radius.crt
> # keyfile = /path/to/radius.key
> # randfile = /path/to/rnd
>
> # Certificate Verification requirements. Can be:
> # "never" (don't even bother trying)
> # "allow" (try, but don't fail if the certificate
> # can't be verified)
> # "demand" (fail if the certificate doesn't verify.)
> #
> # The default is "allow"
> # require_cert = "demand"
> }
>
> # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
> # profile_attribute = "radiusProfileDn"
> # access_attr = "dialupAccess"
>
> # Mapping of RADIUS dictionary attributes to LDAP
> # directory attributes.
> dictionary_mapping = ${confdir}/ldap.attrmap
>
> # Set password_attribute = nspmPassword to get the
> # user's password from a Novell eDirectory
> # backend. This will work ONLY IF FreeRADIUS has been
> # built with the --with-edir configure option.
> #
> # password_attribute = userPassword
I think you need to un-comment this line (password_attribute = userPassword) --^
Regards,
Frank Ranner
Classification=UNCLASSIFIED
Precedence=ROUTINE