1. Modify FreeRADIUS LDAP support
freeradius-ldap module, if you haven't already.
/etc/raddb/mods-available on RedHat/CentOS or /etc/freeradius/mods-available on Debian/Ubuntu) as per the standard configuration with the server name(s), port(s), and whether TLS is required.
Info: We recommend you use TLS.
password options for a user that will have browse and attribute retrieval rights on the LDAP directory.
Info: We recommend using a user that is as unprivileged as possible and not used for anything else.
- Below the base_dn, from which all searches start, you will find the update section, which returns attributes from LDAP.
- This may include the userPassword LDAP attribute, which FreeRADIUS will use to authenticate. If the password attribute in your LDAP directory has a different name, change that here.
Scroll to the user section. You may wish to modify the scope settings there to match what your LDAP directory requires to return a single user object. If the search is successful, FreeRADIUS will set an Ldap-UserDN attribute that will be used for binding as the user.
You may wish to test your LDAP search with tools such as ldapsearch to check your DN and your filters. See http://wiki.freeradius.org/modules/Rlm_ldap for more information.
- Save the file.
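The ldapsearch check described above can be scripted as follows. This is an added example, not part of the original instructions or of FreeRADIUS. The server URI, bind DN, base DN and the `(uid=...)` filter shape are constructed placeholders, to be replaced with the values from your own module file.

```sh
#!/bin/sh
# Added example: confirm the FreeRADIUS user search matches exactly one entry.
# All values below are constructed placeholders, not from the original page.
LDAP_URI="ldaps://ldap.example.org"                       # TLS, as recommended
BIND_DN="cn=radius-reader,ou=services,dc=example,dc=org"  # unprivileged reader
BASE_DN="ou=people,dc=example,dc=org"
SCOPE="sub"                                               # base | one | sub

# Escape RFC 4515 filter metacharacters so a test username cannot alter
# the filter. Backslash is handled first so later escapes are not doubled.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Assumed filter shape (uid=<name>); use the one from your "user" section.
user_filter() {
    printf '(uid=%s)' "$(ldap_escape "$1")"
}

# Count entries in LDIF read from stdin ("dn::" is a base64-encoded DN).
count_entries() {
    grep -cE '^dn::? ' || true
}

# Succeeds only when stdin holds exactly one entry.
is_single_entry() {
    [ "$(count_entries)" -eq 1 ]
}

# Bind as the service account (-W prompts for its password) and run the
# search, requesting only the DN so no password attribute is printed.
check_user() {
    if ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$BASE_DN" -s "$SCOPE" "$(user_filter "$1")" dn | is_single_entry
    then echo "OK: one entry for $1"
    else echo "FAIL: zero or several entries for $1; adjust base_dn, scope or filter" >&2
         return 1
    fi
}
```

Source the file and run `check_user alice`. A FAIL result means the search FreeRADIUS performs would not resolve to a single user object.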