{"id":184,"date":"2022-02-02T08:09:27","date_gmt":"2022-02-02T07:09:27","guid":{"rendered":"https:\/\/whoami.lausitz-event.info\/?p=184"},"modified":"2022-03-22T08:17:19","modified_gmt":"2022-03-22T07:17:19","slug":"freeradius-openldap","status":"publish","type":"post","link":"https:\/\/whoami.lausitz-event.info\/?p=184","title":{"rendered":"Freeradius & OpenLDAP"},"content":{"rendered":"\n\n

Hier wird die Konfiguration eines Radius Server mit OPENLDAP Anbindung beschrieben.<\/p>\n\n\n\n\n\n

dnf -y install freeradius freeradius-utils freeradius-ldap<\/code><\/pre>\n\n\n\n\n\n
vi \/etc\/raddb\/mods-available\/ldap<\/p>\n\n\n\n\n\n
ldap {\n        server = 'OPENLDAP-SERVER-IP'\n        identity = 'cn=Manager,dc=domain,dc=local'\n        password = SECURE_MANAGER_PASSWORD\n        base_dn = 'dc=domain,dc=local'\n        filter = \"(uid=%{Stripped-User-Name:-%{User-Name}})\"\n        base_filter = \"(objectclass=radiusprofile)\"\n        start_tls = no\n        groupmembership_filter = \"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))\"\n        profile_attribute = \"radiusprofile\"\n        access_attr = \"uid\"\n        dictionary_mapping = {raddbdir}\/ldap.attrmap\n        ldap_connections_number = 10\n        timeout = 4\n        timelimit = 5\n        net_timeout = 1\n        set_auth_type = yes\n.\n.\n.<\/code><\/pre>\n\n\n\n\n\n
cd \/etc\/raddb\/mods-enabled\nln -s ..\/mods-available\/ldap .<\/code><\/pre>\n\n\n\n\n\n
vi \/etc\/raddb\/ldap.attrmap<\/p>\n\n\n\n\n\n
checkItem User-Password userPassword\nreplyItem Tunnel-Type radiusTunnelType\nreplyItem Tunnel-Medium-Type radiusTunnelMediumType\nreplyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId<\/code><\/pre>\n\n\n\n\n\n
vi \/etc\/raddb\/sites-available\/inner-tunnel<\/p>\n\n\n\n\n\n
authorize {\n        .\n        .\n        .\n        ldap\n        .\n        .\n        .<\/code><\/pre>\n\n\n\n\n\n
vi \/etc\/raddb\/sites-available\/inner-tunnel<\/p>\n\n\n\n\n\n
authenticate {\n        .\n        .\n        .\n        Auth-Type LDAP {\n                ldap\n        }\n        .\n        .\n        .<\/code><\/pre>\n\n\n\n\n\n
vi \/etc\/raddb\/sites-available\/default<\/p>\n\n\n\n\n\n
authorize {
        .
        .
        .
        ldap
        .
        .
        .<\/code><\/pre>\n\n\n\n\n\n
vi \/etc\/raddb\/sites-available\/default<\/p>\n\n\n\n\n\n
authenticate {
        .
        .
        .
        Auth-Type LDAP {
                ldap
        }
        .
        .
        .<\/code><\/pre>\n\n\n\n\n\n
Konfiguration Start Freeradius<\/p>\n\n\n\n\n\n
systemctl enable radiusd\nsystemctl start radiusd<\/code><\/pre>\n\n\n","protected":false},"excerpt":{"rendered":"
Hier wird die Konfiguration eines Radius Server mit OPENLDAP Anbindung beschrieben. vi \/etc\/raddb\/mods-available\/ldap vi \/etc\/raddb\/ldap.attrmap vi \/etc\/raddb\/sites-available\/inner-tunnel vi \/etc\/raddb\/sites-available\/inner-tunnel vi \/etc\/raddb\/sites-available\/default vi \/etc\/raddb\/sites-available\/default Konfiguration Start Freeradius<\/p>","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1,11],"tags":[],"class_list":["post-184","post","type-post","status-publish","format-standard","hentry","category-allgemein","category-security"],"_links":{"self":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=184"}],"version-history":[{"count":3,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/184\/revisions"}],"predecessor-version":[{"id":196,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/184\/revisions\/196"}],"wp:attachment":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}