Hier wird die Konfiguration eines RADIUS-Servers mit OpenLDAP-Anbindung beschrieben.
# Install the FreeRADIUS server, its command-line utilities and the LDAP module.
dnf -y install freeradius freeradius-utils freeradius-ldap
# Open the LDAP module configuration. It will hold the directory bind
# password, so keep the file readable only by root and the radiusd group.
vi /etc/raddb/mods-available/ldap
# LDAP module instance: FreeRADIUS binds to the directory with the identity
# below and searches for users under base_dn.
# NOTE(review): the flat option names used here (base_filter,
# groupmembership_filter, dictionary_mapping, ldap_connections_number,
# set_auth_type) look like the FreeRADIUS 2.x rlm_ldap layout, while the
# mods-available/mods-enabled paths belong to 3.x -- confirm with a
# configuration check that the installed version accepts them.
ldap {
server = 'OPENLDAP-SERVER-IP'
# NOTE(review): cn=Manager looks like the OpenLDAP rootdn. A dedicated
# read-only service account would limit the damage if this file or the
# connection is exposed -- confirm what access the lookups really need.
identity = 'cn=Manager,dc=domain,dc=local'
# Bind password stored in clear text in this file.
password = SECURE_MANAGER_PASSWORD
base_dn = 'dc=domain,dc=local'
# User lookup by uid: uses Stripped-User-Name when it is set and falls back
# to User-Name. The value comes from the authentication request.
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
base_filter = "(objectclass=radiusprofile)"
# StartTLS is disabled: the bind password above, the attributes read from
# the directory and the user passwords sent in Auth-Type LDAP binds cross
# the network unencrypted unless the LDAP server is local or the link is
# otherwise protected. Enable StartTLS (with certificate verification) for
# anything beyond an isolated test setup.
start_tls = no
# Group membership check: matches GroupOfNames (member) or
# GroupOfUniqueNames (uniquemember) entries that list the user's DN.
groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
profile_attribute = "radiusprofile"
access_attr = "uid"
# NOTE(review): "{raddbdir}" has no leading "$"; FreeRADIUS variable
# references are written ${...}, so this is probably meant to be
# ${raddbdir}/ldap.attrmap -- confirm.
dictionary_mapping = {raddbdir}/ldap.attrmap
ldap_connections_number = 10
timeout = 4
timelimit = 5
net_timeout = 1
# Presumably lets the module set Auth-Type to LDAP during authorize so that
# the "Auth-Type LDAP" sections in the virtual servers run -- confirm.
set_auth_type = yes
.
.
.
# Enable the module: FreeRADIUS loads the modules linked in mods-enabled.
# The relative link target keeps pointing at mods-available/ldap, so the
# permissions set on that file are the ones that protect the bind password.
cd /etc/raddb/mods-enabled
ln -s ../mods-available/ldap .
# Attribute map referenced by dictionary_mapping in the ldap module.
# Line format: checkItem|replyItem <RADIUS attribute> <LDAP attribute>.
vi /etc/raddb/ldap.attrmap
# Reads userPassword from the directory as a check item, so the bind identity
# must be allowed to read that attribute, and its value is transferred to the
# RADIUS server on each lookup (unencrypted while start_tls = no).
# NOTE(review): User-Password is the attribute carrying the password sent by
# the client; FreeRADIUS normally expects the stored reference password in
# Cleartext-Password or Password-With-Header -- confirm against the
# documentation of the installed version.
checkItem User-Password userPassword
# Tunnel-* reply attributes, typically used for dynamic VLAN assignment.
# Whoever can write these LDAP attributes decides which network segment a
# user is placed in, so restrict write access to them in the directory ACLs.
replyItem Tunnel-Type radiusTunnelType
replyItem Tunnel-Medium-Type radiusTunnelMediumType
replyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId
# inner-tunnel virtual server: add the ldap module to its authorize section.
# Changes under sites-available only take effect for virtual servers that
# are also linked in sites-enabled.
vi /etc/raddb/sites-available/inner-tunnel
authorize {
.
.
.
# Runs the LDAP user lookup for the request; the surrounding entries of the
# section are elided on this page.
ldap
.
.
.
# inner-tunnel virtual server: add an LDAP authentication method.
vi /etc/raddb/sites-available/inner-tunnel
authenticate {
.
.
.
# Auth-Type LDAP authenticates by binding to the directory as the user with
# the password from the request. That requires the clear-text password
# (PAP, e.g. inside TTLS); CHAP and MS-CHAPv2 requests cannot be validated
# this way. With start_tls = no in the ldap module this bind sends the
# user's password to the LDAP server unencrypted.
Auth-Type LDAP {
ldap
}
.
.
.
# default virtual server: add the ldap module to its authorize section.
# Requests handled here are not wrapped in an EAP tunnel, so plain PAP
# passwords are only obfuscated with the RADIUS shared secret on the way
# from the NAS.
vi /etc/raddb/sites-available/default
authorize {
.
.
.
# Runs the LDAP user lookup for the request; the surrounding entries of the
# section are elided on this page.
ldap
.
.
.
# default virtual server: add an LDAP authentication method.
vi /etc/raddb/sites-available/default
authenticate {
.
.
.
# LDAP bind authentication with the password from the request; it only
# works when the request carries a clear-text password (PAP).
# NOTE(review): FreeRADIUS guidance generally prefers reading the stored
# password in authorize and letting pap/mschap verify it over binding as
# the user -- confirm which methods the clients here actually use.
Auth-Type LDAP {
ldap
}
.
.
.
FreeRADIUS beim Systemstart aktivieren und starten
# Running a configuration check first (radiusd -XC) reports syntax errors
# and options the installed version rejects before the service is started.
# Register radiusd for start at boot.
systemctl enable radiusd
# Start the service now; "systemctl status radiusd" shows whether it came up.
systemctl start radiusd