Again: clients.conf storage in ldap
Hello list, I have found one old discussion in freeradius maillist about storing RADIUS clients definitions in LDAP. That discussion is from date 23 Nov 2004 and is in following link: http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg11425.html I want to ask what is the status of integrating clients.conf in LDAP storage now, four years later from that discussion? This integration is interesting and makes the configuration more centralized. thanks michal -- Ing. Michal Bruncko, CCNP Linux systems and network administrator Coupled school of business and services Ruzomberok Slovak Republic - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Again: clients.conf storage in ldap
On 03/12/10 13:52, Michal Bruncko wrote:
Hello list,
I have found one old discussion in freeradius maillist about storing
RADIUS clients definitions in LDAP.
That discussion is from date 23 Nov 2004 and is in following link:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg11425.html
I want to ask what is the status of integrating clients.conf in LDAP
storage now, four years later from that discussion?
This integration is interesting and makes the configuration more
centralized.
FreeRadius 2 has support for dynamic clients; with that I guess the
ldap module can be used to reply to the dynamic client queries with
xlat values or (with a 2nd instance and custom ldap.attrmap) read them
wholesale out of LDAP.
For example:
modules {
ldap ldap_clients {
... ldap config
dictionary_mapping = ldap.attrmap_clients
base = ...
filter = (radiusClientIP=%{Packet-Src-IP-Address})
}
}
client dynamic {
ipaddr = 192.168.0.0
netmask = 16
dynamic_client = dyn_clients_ldap
lifetime = 3600
}
server dyn_clients_ldap {
authorize {
ldap_clients
}
}
...and in ldap.attrmap_clients:
checkItem FreeRADIUS-Client-Secret radiusClientSecret
checkItem FreeRADIUS-Client-IP-Address radiusClientIP
checkItem FreeRADIUS-Client-Shortname cn
...obviously modify for your LDAP schema.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Again: clients.conf storage in ldap
On 12/03/2010 08:52 AM, Michal Bruncko wrote: Hello list, I have found one old discussion in freeradius maillist about storing RADIUS clients definitions in LDAP. That discussion is from date 23 Nov 2004 and is in following link: http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg11425.html I want to ask what is the status of integrating clients.conf in LDAP storage now, four years later from that discussion? This integration is interesting and makes the configuration more centralized. I sent Alan patches for storing clients in ldap. I think I recall Alan saying the plan was to add them to the 2.2 version. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Again: clients.conf storage in ldap
John Dennis wrote: I sent Alan patches for storing clients in ldap. I think I recall Alan saying the plan was to add them to the 2.2 version. That's on the (large) list of things to do. I like Phil's suggestion, too. Even 2.1 has the dynamic_clients module, so that *all* of the clients can be defined dynamically. It's just habit that most people put them into a static clients.conf file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Again: clients.conf storage in ldap
I had it setup in mysql using the ability to manually specify queries. if the ldap module has that exact same functionality, it should be absolutely possible. Unless you have frequently changing clients, or an overabundance of clients, it's not worth it. it's a nightmare to maintain On 12/3/2010 5:52 AM, Michal Bruncko wrote: Hello list, I have found one old discussion in freeradius maillist about storing RADIUS clients definitions in LDAP. That discussion is from date 23 Nov 2004 and is in following link: http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg11425.html I want to ask what is the status of integrating clients.conf in LDAP storage now, four years later from that discussion? This integration is interesting and makes the configuration more centralized. thanks michal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: clients.conf storage in ldap
I can try to port it in rlm_ldap.c but , I need some help on freeradius and in c language . first question : -I must patch rlm_ldap or an another module ?(the module reading clients.conf ? ) . - I don't know very well freeradius arch (one month ago) . thanks eric german --- Kostas Kalevras [EMAIL PROTECTED] a écrit : On Mon, 22 Nov 2004, eric german wrote: hi , I m playing with freeradius and openldap . I ll manage all my radius system on ldap. I made a perl script whi reads radiusd.conf and rewrites on fly the clients.conf file . For this I added a new objectclass RadiusClient on my onpenldap . Do you kmow if somebody works in the same direction ? I don't post my script on list but i can send it on demand . thank eric german Adding ldap based radius clients in rlm_ldap would be nice. It will be added at some point. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf Vous manquez despace pour stocker vos mails ? Yahoo! Mail vous offre GRATUITEMENT 100 Mo ! Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés pour dialoguer instantanément avec vos amis. A télécharger gratuitement sur http://fr.messenger.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: clients.conf storage in ldap
On Tue, 23 Nov 2004, eric german wrote: I can try to port it in rlm_ldap.c but , I need some help on freeradius and in c language . first question : -I must patch rlm_ldap or an another module ?(the module reading clients.conf ? ) . - I don't know very well freeradius arch (one month ago) . thanks eric german Take a look at the radius client support in rlm_sql.c and use that as a starting point. Make client reading configurable obviously. Or you can wait for a while. It's on my TODO list and it should be added by the end of the year. --- Kostas Kalevras [EMAIL PROTECTED] a ?crit : On Mon, 22 Nov 2004, eric german wrote: hi , I m playing with freeradius and openldap . I ll manage all my radius system on ldap. I made a perl script whi reads radiusd.conf and rewrites on fly the clients.conf file . For this I added a new objectclass RadiusClient on my onpenldap . Do you kmow if somebody works in the same direction ? I don't post my script on list but i can send it on demand . thank eric german Adding ldap based radius clients in rlm_ldap would be nice. It will be added at some point. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf Vous manquez d?espace pour stocker vos mails ? Yahoo! Mail vous offre GRATUITEMENT 100 Mo ! Cr?ez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ Le nouveau Yahoo! Messenger est arriv? ! D?couvrez toutes les nouveaut?s pour dialoguer instantan?ment avec vos amis. A t?l?charger gratuitement sur http://fr.messenger.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
clients.conf storage in ldap
hi , I m playing with freeradius and openldap . I ll manage all my radius system on ldap. I made a perl script whi reads radiusd.conf and rewrites on fly the clients.conf file . For this I added a new objectclass RadiusClient on my onpenldap . Do you kmow if somebody works in the same direction ? I don't post my script on list but i can send it on demand . thank eric german Vous manquez despace pour stocker vos mails ? Yahoo! Mail vous offre GRATUITEMENT 100 Mo ! Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés pour dialoguer instantanément avec vos amis. A télécharger gratuitement sur http://fr.messenger.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: clients.conf storage in ldap
On Mon, 22 Nov 2004, eric german wrote: hi , I m playing with freeradius and openldap . I ll manage all my radius system on ldap. I made a perl script whi reads radiusd.conf and rewrites on fly the clients.conf file . For this I added a new objectclass RadiusClient on my onpenldap . Do you kmow if somebody works in the same direction ? I don't post my script on list but i can send it on demand . thank eric german Adding ldap based radius clients in rlm_ldap would be nice. It will be added at some point. Vous manquez d?espace pour stocker vos mails ? Yahoo! Mail vous offre GRATUITEMENT 100 Mo ! Cr?ez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ Le nouveau Yahoo! Messenger est arriv? ! D?couvrez toutes les nouveaut?s pour dialoguer instantan?ment avec vos amis. A t?l?charger gratuitement sur http://fr.messenger.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
