AUTHOR
Yuan-Chung Hsiao (ychsiao AT ychsiao dot org)
LICENSE
GNU Free Documentation License
Version 1.2, November 2002
http://www.gnu.org/licenses/fdl.html
About Radius
The RADIUS (Remote Authentication Dial In User Service) protocol mainly provides an Authentication mechanism for checking a user's identity and password; once that check passes, Authorization grants the user access to the domain and its resources, and an Accounting mechanism keeps a record of the user's network usage, which gives a service provider the foundation for a complete authentication-and-billing system.
See RFC 2058 (January 1997) and RFC 2138 (April 1997). Both have since been obsoleted: RFC 2865 now defines authentication and authorization and RFC 2866 defines accounting.
About FreeRadius
Install FreeRadius(FreeBSD ports)
cd /usr/ports/net/freeradius/
make config install
Install FreeRadius(tar ball)
./configure --without-snmp --with-rlm-ldap
make
make install
Configure FreeRadius with OpenLDAP
edit /usr/local/etc/raddb/radiusd.conf
Modify the ldap entry inside the modules section:
ldap {
server = "ldap.ychsiao.org"
#identity = ""
#password =
basedn = "dc=your,dc=ldap,dc=dn"
filter = "(&(objectclass=posixAccount)(uid=%u))"
}
If your LDAP server requires a bind before it allows searches, fill in the identity/password fields yourself. Use a read-only bind account for this, and keep radiusd.conf readable only by the user radiusd runs as, since the bind password is stored in it in clear text.
authorize {
preprocess
chap
suffix
files
ldap
}
authenticate {
Auth-Type LDAP {
ldap
}
}
edit /usr/local/etc/raddb/users
DEFAULT Auth-Type = LDAP
	Fall-Through = 1
This DEFAULT entry forces every user that reaches the files module to be authenticated against LDAP; Fall-Through = 1 lets processing continue to any later entries in the users file.
edit /usr/local/etc/raddb/clients.conf
secret = testing123 # the shared secret you intend to set for this RADIUS client
testing123 is the sample secret shipped in clients.conf; replace it with a long random value, and use a different one per client. The shared secret is the only thing that hides the User-Password attribute and authenticates the server's replies, so anyone who learns it can recover every password sent by that client.
Test FreeRadius
/usr/local/sbin/radiusd -X (for the server: runs it in the foreground with full debugging output)
/usr/local/bin/radtest ychsiao yourpassword localhost 0 testing123 (for the client: user, password, server, NAS-Port, shared secret)
Sending Access-Request of id 242 to 127.0.0.1:1812
User-Name = "ychsiao"
User-Password = "yourpassword"
NAS-IP-Address = ldap
NAS-Port = 0
Re-sending Access-Request of id 242 to 127.0.0.1:1812
A "Re-sending" line means no reply arrived before the timeout: either radiusd is not running, or it silently dropped the request because the source address of radtest is not listed in clients.conf. A successful test ends with radtest printing an Access-Accept packet; a wrong password (or a shared secret that differs between radtest and clients.conf, which garbles the password the server decodes) produces an Access-Reject.
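As an added example (not part of the original page and not FreeRADIUS's own code), the Python below builds the same Access-Request that radtest sends, with the RFC 2865 User-Password hiding and Response Authenticator, and runs it through a toy server so all outcomes of the test above can be seen offline: Access-Accept, Access-Reject, the silent drop that makes radtest print "Re-sending", and a reply that fails verification because the two sides disagree on the shared secret. The CLIENTS and DIRECTORY tables, the IP addresses and the names radtest/server_handle/client_check are assumptions constructed for the demo.

```python
"""Minimal RADIUS (RFC 2865) PAP exchange built offline. Added example, not the
page's or FreeRADIUS's code; CLIENTS/DIRECTORY are constructed stand-ins."""
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16 octets, XOR each block with MD5(secret + previous
    block), first block keyed by the Request Authenticator. Secret holders can reverse it."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server-side inverse of hide_password; trailing padding NULs are stripped."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(atype: int, value: bytes) -> bytes:
    return struct.pack("!BB", atype, len(value) + 2) + value  # Type, Length, Value

def packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

def parse(data: bytes):
    """Return (code, id, authenticator, {type: [values]}); reject bad lengths."""
    if len(data) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length != len(data):
        raise ValueError("Length field does not match datagram size")
    attrs, pos = {}, 20
    while pos < length:
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(atype, []).append(data[pos + 2:pos + alen])
        pos += alen
    return code, ident, data[4:20], attrs

def access_request(ident, username, password, secret, nas_ip="127.0.0.1", nas_port=0):
    """The packet `radtest user password localhost 0 secret` sends."""
    request_auth = os.urandom(16)  # RFC 2865 3: must be unpredictable per request
    attrs = (attr(USER_NAME, username.encode())
             + attr(USER_PASSWORD, hide_password(password.encode(), secret.encode(), request_auth))
             + attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + attr(NAS_PORT, struct.pack("!I", nas_port)))
    return packet(ACCESS_REQUEST, ident, request_auth, attrs)

def response_auth(code, ident, request_auth, attrs, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def server_handle(datagram, src_ip, clients, directory):
    """Toy radiusd: a NAS missing from clients.conf is dropped silently (the
    client only sees 'Re-sending'); a known NAS gets Accept or Reject."""
    if src_ip not in clients:
        return None
    secret = clients[src_ip].encode()
    code, ident, request_auth, attrs = parse(datagram)
    if code != ACCESS_REQUEST or USER_NAME not in attrs or USER_PASSWORD not in attrs:
        return None
    user = attrs[USER_NAME][0].decode(errors="replace")
    password = reveal_password(attrs[USER_PASSWORD][0], secret, request_auth)
    ok = user in directory and hmac.compare_digest(directory[user].encode(), password)
    code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return packet(code, ident, response_auth(code, ident, request_auth, b"", secret), b"")

def client_check(request, response, secret):
    """Client side: verify the Response Authenticator before trusting the code."""
    if response is None:
        return "timeout"
    code, ident, resp_auth, _ = parse(response)
    expected = response_auth(code, ident, request[4:20], response[20:], secret.encode())
    if ident != request[1] or not hmac.compare_digest(expected, resp_auth):
        return "forged-or-wrong-secret"
    return {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject"}.get(code, "other")

CLIENTS = {"127.0.0.1": "testing123"}    # constructed: stands in for clients.conf
DIRECTORY = {"ychsiao": "yourpassword"}  # constructed: stands in for the LDAP entries

def radtest(username, password, secret, src_ip="127.0.0.1"):
    req = access_request(242, username, password, secret)
    return client_check(req, server_handle(req, src_ip, CLIENTS, DIRECTORY), secret)
```

Calling `radtest("ychsiao", "yourpassword", "testing123")` returns "Access-Accept"; a wrong password returns "Access-Reject"; sending from an address not in CLIENTS (for example `src_ip="10.0.0.9"`) returns "timeout", which is the situation behind the "Re-sending" lines above; and a secret that differs from the server's returns "forged-or-wrong-secret" because the Response Authenticator no longer verifies. The password hiding is only an MD5 keystream XOR keyed by the shared secret, which is why the secret, not the RADIUS packet format, carries the whole security of a PAP exchange.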
Any issues?
Please post a reply or email me, thanks!
Reference
Great article, your instruction works for my NAS (busybox) as well!
Thanks for sharing the instruction.