Hi list, for a few weeks I have been trying to configure FreeRADIUS with LDAP, but without success. I have read a lot about this, but it still does not work.
Only authenticate Local, but need authenticate only with LDAP. See bellow my radiusd.conf
# radiusd.conf as posted, with the line breaks restored from the collapsed paste.
# NOTE(review): in the collapsed form "# suffix files ldap }" reads as one comment,
# which would hide the files/ldap entries; they are separate lines here as they
# presumably were in the original file.
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
log_file = ${logdir}/radius.log
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
# daemon drops to an unprivileged account after start-up
user = freerad
group = freerad
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
#bind_address = *
#port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
# only the auth result is logged; neither good nor bad passwords are written to the log
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = yes
# NOTE(review): lower_pass = yes lowercases the User-Password before any module sees it.
# Every account whose directory password contains an uppercase letter will then fail
# the LDAP bind. The shipped default is "no"; this is a likely cause of the failures.
lower_pass = yes
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
# auth and acct sockets bound to one interface; port = 0 means the default RADIUS ports
listen {
	type = auth
	ipaddr = 10.12.60.19
	port = 0
}
listen {
	type = acct
	ipaddr = 10.12.60.19
	port = 0
}
security {
	max_attributes = 200
	reject_delay = 1
	status_server = no
}
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf
thread pool {
	start_servers = 5
	max_servers = 32
	min_spare_servers = 3
	max_spare_servers = 10
	max_requests_per_server = 0
}
modules {
	pap {
		encryption_scheme = crypt
	}
	chap {
		authtype = CHAP
	}
	pam {
		pam_auth = radiusd
	}
	unix {
		cache = no
		cache_reload = 600
		radwtmp = ${logdir}/radwtmp
	}
	$INCLUDE ${confdir}/eap.conf
	mschap {
	}
	# LDAP module: several servers are tried in the order given
	ldap {
		server = "ldap.intra proxy.intra localhost"
		identity = "uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br"
		# NOTE(review): this bind credential has been posted in clear text to a public
		# list; treat it as compromised and change it on the directory.
		password = dfjk129!@
		basedn = "dc=policiacivil,dc=rs,dc=gov,dc=br"
		filter = "(uid=%u)"
		# NOTE(review): with start_tls = no the bind password above, and any user
		# password checked by bind, cross the network unencrypted; consider start_tls = yes
		# (or an ldaps server URL if the build supports it).
		start_tls = no
		dictionary_mapping = ${raddbdir}/ldap.attrmap
		ldap_connections_number = 5
		password_attribute = userPassword
		groupname_attribute = radiusgroupname
		groupmembership_filter = (&(objectclass=posixGroup)(memberuid=%u))
		timeout = 4
		timelimit = 3
		net_timeout = 1
		# module sets Auth-Type := LDAP in authorize when no other Auth-Type is present
		set_auth_type = yes
	}
	#ldap {
	#	server = "localhost"
	#	identity = "cn=admin,dc=fabrica,dc=corp"
	#	password = 123
	#	basedn = "ou=Usuarios,dc=fabrica,dc=corp"
	#	filter = "(uid=%u)"
	#	start_tls = no
	#	dictionary_mapping = ${raddbdir}/ldap.attrmap
	#	ldap_cache_timeout = 120
	#	ldap_cache_size = 0
	#	ldap_connections_number = 10
	#	password_attribute = userPassword
	#	timeout = 3
	#	timelimit = 5
	#	net_timeout = 1
	#	compare_check_items = no
	#	access_attr_used_for_allow = yes
	#	set_auth_type = yes
	#}
	# realm LOCAL {
	#	format = prefix
	#	delimiter = "/"
	#	ignore_default = no
	#	ignore_null = no
	# }
	#
	# realm suffix {
	#	format = suffix
	#	delimiter = "@"
	#	ignore_default = no
	#	ignore_null = no
	# }
	#
	# realm realmpercent {
	#	format = suffix
	#	delimiter = "%"
	#	ignore_default = no
	#	ignore_null = no
	# }
	#
	# realm ntdomain {
	#	format = prefix
	#	delimiter = "\\"
	#	ignore_default = no
	#	ignore_null = no
	# }
	checkval {
		item-name = Calling-Station-Id
		check-name = Calling-Station-Id
		data-type = string
	}
	preprocess {
		huntgroups = ${confdir}/huntgroups
		hints = ${confdir}/hints
		with_ascend_hack = no
		ascend_channels_per_line = 23
		with_ntdomain_hack = no
		with_specialix_jetstream_hack = no
		with_cisco_vsa_hack = no
	}
	files {
		usersfile = ${confdir}/users
		acctusersfile = ${confdir}/acct_users
		preproxy_usersfile = ${confdir}/preproxy_users
		compat = no
	}
	detail {
		detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
		detailperm = 0600
	}
	acct_unique {
		key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Port"
	}
	# $INCLUDE ${confdir}/sql.conf
	radutmp {
		filename = ${logdir}/radutmp
		username = %{User-Name}
		case_sensitive = yes
		check_with_nas = yes
		perm = 0600
		callerid = "yes"
	}
	radutmp sradutmp {
		filename = ${logdir}/sradutmp
		perm = 0644
		callerid = "no"
	}
	attr_filter {
		attrsfile = ${confdir}/attrs
	}
	counter daily {
		filename = ${raddbdir}/db.daily
		key = User-Name
		count-attribute = Acct-Session-Time
		reset = daily
		counter-name = Daily-Session-Time
		check-name = Max-Daily-Session
		allowed-servicetype = Framed-User
		cache-size = 5000
	}
	# sqlcounter instances reference sqlmod-inst = sql, but sql.conf is not included
	# above; they are unused unless "sql" is instantiated elsewhere.
	sqlcounter dailycounter {
		counter-name = Daily-Session-Time
		check-name = Max-Daily-Session
		sqlmod-inst = sql
		key = User-Name
		reset = daily
		query = "SELECT SUM(AcctSessionTime - \
			GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
			FROM radacct WHERE UserName='%{%k}' AND \
			UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
	}
	sqlcounter monthlycounter {
		counter-name = Monthly-Session-Time
		check-name = Max-Monthly-Session
		sqlmod-inst = sql
		key = User-Name
		reset = monthly
		query = "SELECT SUM(AcctSessionTime - \
			GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
			FROM radacct WHERE UserName='%{%k}' AND \
			UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
	}
	always fail {
		rcode = fail
	}
	always reject {
		rcode = reject
	}
	always ok {
		rcode = ok
		simulcount = 0
		mpp = no
	}
	expr {
	}
	digest {
	}
	exec {
		wait = yes
		input_pairs = request
	}
	exec echo {
		wait = yes
		program = "/bin/echo %{User-Name}"
		input_pairs = request
		output_pairs = reply
	}
	ippool main_pool {
		range-start = 192.168.1.1
		range-stop = 192.168.3.254
		netmask = 255.255.255.0
		cache-size = 800
		session-db = ${raddbdir}/db.ippool
		ip-index = ${raddbdir}/db.ipindex
		override = no
		maximum-timeout = 0
	}
}
instantiate {
	exec
	expr
}
# NOTE(review): "files" runs before "ldap" here. If the users file sets an Auth-Type
# (e.g. a DEFAULT entry), set_auth_type = yes in the ldap module will not override it
# and the request will never reach the LDAP bind — verify the users file.
authorize {
	preprocess
	mschap
#	suffix
	files
	ldap
}
# NOTE(review): the bare "ldap" entry can only do a bind check, which needs a clear-text
# User-Password (PAP). Requests that mschap tags as MS-CHAP (PPTP-style clients) will
# go to the mschap module, which can succeed only if a clear-text or NT password for
# the user is available to it — presumably not from userPassword; confirm what the
# NAS sends.
authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type CHAP {
		chap
	}
	Auth-Type MS-CHAP {
		mschap
	}
	ldap
	unix
	eap
}
preacct {
	preprocess
	acct_unique
#	suffix
	files
}
accounting {
	detail
	radutmp
}
session {
	radutmp
}
post-auth {
}
pre-proxy {
}
post-proxy {
	eap
}
realy need help. THanks for advance!