On Thu, 17 Dec 2015 13:41:48 -0500 Omar Isalgué Begué <informat...@enpa.gtm.minag.cu> wrote:
> alguien tiene un manual o conoce de alguna guia para configurar
> freeradius con autentificacion LDAP, puede ser en cualkier distro
>
> Salu2s
>

Uso Proxmox, containers debian, habilitas el modulo ldap, editas ese file que esta dentro de /modules y le pones todo lo concerniente a la conexion a tu ldap incluyendo un filtro como ves aca:

root@wifi:/admin/fr/modules# cat ldap
ldap {
    server = "ldap://ldap.tu.dominio.cu:389/"
    identity = "cn=vmail,dc=tu,dc=dominio,dc=cu"
    password = "yb1jztQexcNOHg1bCc7G1BKvixFwiL"
    basedn = "o=domains,dc=tu,dc=dominio,dc=cu"
    filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(ServWifi=1)(accountStatus=active))"
    ldap_connections_number = 5
    timeout = 4
    timelimit = 3
    net_timeout = 1
    tls {
        start_tls = no
    }
    dictionary_mapping = ${confdir}/ldap.attrmap
    edir_account_policy_check = yes
    password_header = "{clear}"
    password_attribute = userPassword

Nota: el listado llega cortado, le falta la llave de cierre } del bloque ldap. Con start_tls = no sobre ldap:// en el puerto 389, la clave de la cuenta de bind y los atributos de contraseña que devuelve el LDAP (userPassword, sambaNTPassword) viajan sin cifrar entre el RADIUS y el LDAP; si tu servidor LDAP soporta TLS, conviene activarlo. El identity y el password son los de la cuenta con la que el RADIUS se conecta al LDAP: pon los tuyos y deja el archivo legible solo para el usuario freerad.

Luego en ese archivito ldap.attrmap mapeas o mas bien matcheas los atributos de tu ldap hacia los del freeradius:

root@wifi:/admin/fr# cat ldap.attrmap
checkItem    $GENERIC$      radiusCheckItem
replyItem    $GENERIC$      radiusReplyItem
checkItem    NT-Password    sambaNTPassword

Luego:

root@wifi:/admin/fr# cat radiusd.conf
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
name = freeradius
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/${name}.pid
user = freerad
group = freerad
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
    type = auth
    ipaddr = *
    port = 0
}
listen {
    ipaddr = *
    # ipv6addr = ::
    port = 0
    type = acct
    # interface = eth0
    # clients = per_socket_clients
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
    destination = files
    file = ${logdir}/radius.log
    syslog_facility = daemon
    stripped_names = no
    auth = yes
    auth_badpass = yes
    auth_goodpass = yes
    # msg_goodpass = ""
    # msg_badpass = ""
}
checkrad = ${sbindir}/checkrad
security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}
modules {
    $INCLUDE ${confdir}/modules/
    $INCLUDE eap.conf
}
instantiate {
    exec
    expr
    # daily
    expiration
    logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/

Nota: con auth_badpass = yes y auth_goodpass = yes, las contraseñas de los usuarios quedan escritas en texto claro en radius.log; sirve para depurar, pero fuera de una etapa de pruebas conviene dejar ambas en no.

Lo otro que te queda es agregar los clientes en clients.conf:

root@wifi:/admin/fr# cat clients.conf
#AP en el 4to piso - Laboratorio de Quimica
client 172.16.8.2 {
    secret = passwd1
    shortname = QUIMICA
}
#AP ahora mismo esta en la Radiobase
client 172.16.8.3 {
    secret = passwd2
    shortname = RADIOBASE
}
#AP ahora mismo en dpto Infantil
client 172.16.8.4 {
    secret = passwd3
    shortname = INFANTIL
}

Nota: passwd1, passwd2 y passwd3 parecen valores de ejemplo; en producción cada secret debe ser una cadena larga y aleatoria, distinta para cada AP, y la misma que configures en ese AP.

Lo hice rapido y de corre corre, dime si te pincha.. buena suerte

______________________________________________________________________
Lista de correos del Grupo de Usuarios de Tecnologías Libres de Cuba.
Gutl-l@jovenclub.cu
https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l