> Hi,
>
> This may look like a recurring question, but I've checked the
> whole mailing list and many other websites but this isn't
> clear to me.
>
>
> I'm currently working on a gateway using a very poor but
> strong configuration of free radius.
> This gateway has installed the minimal configuration to make
> it as lightweight and strong as possible !
>
> My question is the following :
> My bosses want me to make my Linux box join some of the
> centralized user db we have. Our society has 4 kinds of
> (different) user databases including NIS, LDAP, Active
> Directory, MySQL, ...
>
> So to make radius authenticate using NIS there is no problem.
> But to add (or just modify) the authentication server to
> Active Directory I understood (from many sources) that this is
> possible, but not how to do that.
>
> Is the Radius configuration file enough or should I install
> some applications ? Such as OpenLDAP ? Kerberos ? OpenSSL ?
> Samba NTLM ?

You'll need to install openldap before you compile freeradius for it to
use ldap.

>
> Moreover, I haven't a direct access to a Windows PDC, should I
> need one ?

You will need to have direct access to the windows active directory
server, port 389 (if that's what it listens on).

> I don't know LDAP well, so can someone who has a common
> configuration give me a sample configuration file(s).

The radiusd.conf file will show most of what you need to do.  You'll
need to modify the ldap section of that file.  Please make sure you create
a user in Active Directory with read access.  This is the user that you
will put in identity and password.  You'll need to bind with that user to
active directory to do a search on the user logging in.  AD doesn't allow
anonymous searches, so you'll need to create a user with read access.

In basedn, you'll specify the base of where your users are stored in
Active Directory.  It will look something like this.

basedn = "ou=system users,dc=yourdomain,dc=com"

You'll have to find out where in the ldap directory the users are stored
and modify basedn to fit that.

Then in filter, you will specify the lookup for the user.  It will look
something like this.

filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"

>
> Can FreeRadius be extended in an SSO architecture ?

Sure, if all your users are located in a place that freeradius can connect
to, such as active directory.


> Any advice will be appreciated. Thx...
>
> Marc


Hope that helps.

Dusty Doris
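
An added example, not part of the original message and not FreeRADIUS code: a simplified stand-in for how the filter quoted above resolves for a given request, with the user-supplied name escaped per RFC 4515 before it lands in the LDAP search. The function names and sample requests are hypothetical, and only the `%{Attr}` and `%{Attr:-default}` forms are handled.

```python
# Added illustration: simplified %{Attr} / %{Attr:-default} expansion, not FreeRADIUS code.
# RFC 4515 requires these characters to be written as \XX inside a filter value.
RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied string for use as an LDAP filter assertion value."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)


def _closing_brace(text, open_idx):
    """Return the index of the '}' that closes the '{' at open_idx."""
    depth = 0
    for idx in range(open_idx, len(text)):
        if text[idx] == "{":
            depth += 1
        elif text[idx] == "}":
            depth -= 1
            if depth == 0:
                return idx
    raise ValueError("unbalanced %{...} in template")


def expand_filter(template, request):
    """Expand the template against request attributes, escaping each value."""
    out, i = [], 0
    while i < len(template):
        if template.startswith("%{", i):
            end = _closing_brace(template, i + 1)
            name, has_default, default = template[i + 2:end].partition(":-")
            value = request.get(name)
            if value:
                out.append(escape_filter_value(value))
            elif has_default:
                # Attribute missing or empty: fall back to the part after ":-".
                out.append(expand_filter(default, request))
            i = end + 1
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


FILTER = "(cn=%{Stripped-User-Name:-%{User-Name}})"  # filter from the reply above

# Constructed sample requests (attribute values are made up).
SAMPLES = [
    {"User-Name": "marc"},
    {"User-Name": "marc@yourdomain.com", "Stripped-User-Name": "marc"},
    {"User-Name": "Marc (ext)*"},
]

if __name__ == "__main__":
    for request in SAMPLES:
        print(expand_filter(FILTER, request))
```

The third sample shows why escaping matters: a name containing parentheses or an asterisk would otherwise change the structure of the search filter instead of being matched literally.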
