> Thanks John for the reply.
>
> Can I use the EAP-TLS method of authentication with LDAP as backend datastore
> to check usernames and passwords?
> It would be like I bind to the RADIUS server with the EAP-TLS method using a
> certificate and check usernames and passwords from the LDAP server.
> If yes on EAP-TLS, can you please tell me how to configure EAP-TLS with
> LDAP as backend datastore?
>
> Basically I want to avoid hardcoded usernames and passwords in raddb of the
> RADIUS server for authenticating users, which I am doing currently.
>
> ldap {
>     server = "localhost"
>     # identity = "cn=admin,o=My Org,c=UA"
>     identity = "uid=admin,ou=CamUsers,dc=vmbox,dc=int"
>     password = admin
>     basedn = "ou=CamUsers,dc=vmbox,dc=int"
>     filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>     # base_filter = "(objectclass=radiusprofile)"
>     # set this to 'yes' to use TLS encrypted connections
>     # to the LDAP database by using the StartTLS extended
>     # operation.
>     # The StartTLS operation is supposed to be used with normal
>     # ldap connections instead of using ldaps (port 689) connections
>     start_tls = yes
>     # tls_cacertfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/cacert.pem
>     # tls_cacertdir = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts
>     # tls_certfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/admin.pem
>     # tls_keyfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/admin.pem
>     # tls_randfile = /path/to/rnd
>     tls_require_cert = "allow"
>
> Waiting for your inputs.
>
> Thanks and Regards,
> Pramod
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html