Monday, May 18, 2009

Integration between OpenLDAP and FreeRadius

Edit the file radiusd.conf. In the ldap section, set server to the IP address of the LDAP server and basedn to its base DN.
For example:
ldap {
server = "192.168.1.2"
# identity = "cn=admin,o=My Org,c=UA"
# password = mypass
basedn = "o=ICT Indonesia"

Comment out the following line with #:

#access_attr = "dialupAccess"

In the authorize section, uncomment the following line:
ldap

In the authenticate section, uncomment the following lines:
Auth-Type LDAP {
ldap
}

The above configuration is for the case where our LDAP server uses clear-text passwords. This is based on my experience: my previous attempt, using the dialupAccess feature and commenting out Auth-Type LDAP, failed, and the following error message always appeared:
no dialupAccess attribute - access denied by default

I tested this with the NTRadPing utility (it can be downloaded here); the results:


After I disabled dialupAccess and enabled Auth-Type LDAP, the connection to LDAP ran successfully.

In debug mode, we can see the user and password from the LDAP server as follows:


Do not forget to save the configuration and restart the radiusd service.
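
The checks implied by the steps above, as an added example that is not part of the original post: a small Python script that reads radiusd.conf-style text and reports where it differs from the working state described here. The embedded sample file is constructed, the enclosing modules section is an assumption about the file layout, and the function names active_entries and audit are hypothetical.

```python
# Constructed sample in the post's final state; the modules { } wrapper is assumed.
SAMPLE = '''
modules {
    ldap {
        server = "192.168.1.2"
        basedn = "o=ICT Indonesia"
        #access_attr = "dialupAccess"
    }
}
authorize {
    ldap
}
authenticate {
    Auth-Type LDAP {
        ldap
    }
}
'''

def active_entries(text):
    """Yield (section_path, statement) for each uncommented statement."""
    path = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments
        if not line:
            continue
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            if path:
                path.pop()
        else:
            yield tuple(path), line

def audit(text):
    """Return findings; an empty list means the file matches the post."""
    seen = list(active_entries(text))
    keys = {(p[-1], s.split("=")[0].strip()) for p, s in seen if p and "=" in s}
    findings = [f"ldap.{k} is not set" for k in ("server", "basedn") if ("ldap", k) not in keys]
    if ("ldap", "access_attr") in keys:
        findings.append("access_attr is active: entries lacking it are denied by default")
    if not any(p[-1:] == ("authorize",) and s == "ldap" for p, s in seen):
        findings.append("ldap is not enabled in authorize")
    if not any(p[-2:] == ("authenticate", "Auth-Type LDAP") and s == "ldap" for p, s in seen):
        findings.append("Auth-Type LDAP is not enabled in authenticate")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "configuration matches the post")
```

Running audit() on the text of your own radiusd.conf before restarting radiusd shows whether the file is in the failing state from the earlier attempt (access_attr active, Auth-Type LDAP commented out).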
Happy Testing!!!
