I'm running freeradius-0.8.1 on RedHat 7.3. On another server,
I'm running OpenLDAP 2.0.1 on RedHat 7.3.

I'm having problems getting Radius to proxy LDAP authentications.
For starters, I have three classes of users:

1) local - use local Radius authentication
2) my_radius - use remote Radius authentication (also running freeradius-0.8.1 on RedHat 7.3)
3) my_partner - authenticate against a remote OpenLDAP server

Therefore, I'm trying to use realms and let the local Radius server proxy the
two other remote authentications. In my radiusd.conf, I've enabled proxying,
added the ldap module and have defined it as:

ldap {
        server = "123.123.123.123"
        port = "389"
        basedn = "ou=People, o=%{Realm}"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
        tls_mode = no
        ldap_connections_number = 30
        timeout = 5
        timelimit = 5
        net_timeout = 5
        identity = "cn=Manager, o=%{Realm}"
        password = foo
}

I want to use realms such as "[EMAIL PROTECTED]" to authorize
against the remote LDAP server and "my_radius/bob" to authorize
against the remote RADIUS server.

Here's an excerpt from my proxy.conf:

realm local {
  type = radius
  authhost = LOCAL
  accthost = LOCAL
}

realm my_radius {
  type = radius
  authhost = radius.us.com:1812
  accthost = radius.us.com:1813
  secret = foo
}

realm my_partner {
  type = ldap
  authhost = LOCAL
  accthost = LOCAL
}

I think that the last realm, 'my_partner', is wrong. How would
I define the realm to authorize against a remote LDAP? 

Do I have to have the remote LDAP user in my users conf file?

Thanks in advance,

Mark Gaither



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
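
A simplified model of the configuration in the message above, added here as an example; it is not part of the original post and not FreeRADIUS code. It shows which base DN and search filter the posted `basedn` and `filter` templates produce for a given User-Name. The sample user names, the helper names, and the RFC 4515 escaping step are assumptions of this example, not a statement of what freeradius-0.8.1 does.

```python
import re

# Values copied from the posted radiusd.conf / proxy.conf; everything else is constructed.
REALMS = {"local", "my_radius", "my_partner"}
BASEDN = "ou=People, o=%{Realm}"
FILTER = "(uid=%{Stripped-User-Name:-%{User-Name}})"

def split_realm(user_name):
    """Return (stripped_name, realm) for 'user@realm' or 'realm/user', else (None, None)."""
    if "@" in user_name:
        user, realm = user_name.rsplit("@", 1)
        if realm in REALMS:
            return user, realm
    if "/" in user_name:
        realm, user = user_name.split("/", 1)
        if realm in REALMS:
            return user, realm
    return None, None

def escape_filter(value):
    """RFC 4515 escaping for a value substituted into an LDAP search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, attrs, escape=lambda v: v):
    """Expand %{Attr} and %{Attr:-%{Fallback}} from a dict of request attributes."""
    def repl(match):
        primary, fallback = match.group(1), match.group(2)
        value = attrs.get(primary) or attrs.get(fallback or "") or ""
        return escape(value)
    return re.sub(r"%\{([\w-]+)(?::-%\{([\w-]+)\})?\}", repl, template)

def ldap_search_for(user_name):
    """Return the (base DN, filter) pair the templates yield for this User-Name."""
    stripped, realm = split_realm(user_name)
    attrs = {"User-Name": user_name, "Stripped-User-Name": stripped, "Realm": realm}
    return expand(BASEDN, attrs), expand(FILTER, attrs, escape_filter)

if __name__ == "__main__":
    # Constructed sample names: suffix realm, prefix realm, no realm, filter metacharacters.
    for name in ("bob@my_partner", "my_radius/bob", "alice", "*)(uid=*@my_partner"):
        print(name, "->", ldap_search_for(name))
```

A request with no recognised realm leaves `%{Realm}` empty, so the base DN and the bind identity both end in `o=`, and the search only makes sense for requests where a realm was actually matched.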
