1. Modify FreeRADIUS LDAP support

  1. Install the freeradius-ldap module, if you haven't already.

  2. Configure the ldap module (in /etc/raddb/mods-available on RedHat/CentOS or /etc/freeradius/mods-available on Debian/Ubuntu) as per the standard configuration with the server name(s), port(s), and whether TLS is required. 

    Info
    We recommend you use TLS. 
  3. Configure the identity and password options for a user that will have browse and attribute retrieval rights on the LDAP directory. 

    Info
    We recommend using a user that is as unprivileged as possible and not used for anything else.
  4. Below the base_dn, from which all searches start, you will find the update section, which returns attributes from LDAP. 
  5. This may include the userPassword LDAP attribute, which FreeRADIUS will use to authenticate. If the password attribute in your LDAP directory has a different name, change that here.
  6. Scroll to the user section. You may wish to modify the base_dn, filter, and scope settings there to match what your LDAP directory requires to return a single user object. FreeRADIUS will set an Ldap-UserDN attribute that will be used for binding as a user if the search is successful.

    Tip

    You may wish to check your DN and your filters with tools such as ldapsearch before saving the configuration. See http://wiki.freeradius.org/modules/Rlm_ldap for more information.

  7. Save the file.
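
The settings touched in steps 2 to 6, gathered into one ldap module fragment. This is an added example, not configuration from the original page; it assumes FreeRADIUS 3.x key names, and every hostname, DN, file path and secret in it is a constructed placeholder.

```conf
# Constructed example for mods-available/ldap.
# All hostnames, DNs, paths and secrets are placeholders.
ldap {
	# Step 2: server name and port.
	server = 'ldap.example.org'
	port = 389

	# Step 3: a dedicated bind account with browse and attribute
	# retrieval rights only, used for nothing else.
	identity = 'cn=radius-reader,ou=services,dc=example,dc=org'
	password = 'REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD'

	# Step 4: every search starts from here.
	base_dn = 'dc=example,dc=org'

	# Steps 4-5: LDAP attributes returned to FreeRADIUS. Change
	# 'userPassword' if your directory stores the password under
	# another attribute name.
	update {
		control:Password-With-Header	+= 'userPassword'
	}

	# Step 6: narrow the search so it returns exactly one user object.
	# Check the same base, scope and filter by hand first, e.g.
	#   ldapsearch -ZZ -H ldap://ldap.example.org \
	#     -D 'cn=radius-reader,ou=services,dc=example,dc=org' -W \
	#     -b 'ou=people,dc=example,dc=org' -s sub '(uid=alice)' dn
	user {
		base_dn = "ou=people,${..base_dn}"
		filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
		scope = 'sub'
	}

	# Step 2 (TLS): StartTLS with the directory's certificate verified
	# against a CA file, so the bind password and userPassword values
	# never cross the network in clear text.
	tls {
		start_tls = yes
		ca_file = /etc/raddb/certs/ldap-ca.pem
		require_cert = 'demand'
	}
}
```

Since the file holds the bind password, keep it readable only by root and the account the RADIUS daemon runs as.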
