
AUTHOR
Yuan-Chung Hsiao (ychsiao AT ychsiao dot org)

LICENSE
GNU Free Documentation License
Version 1.2, November 2002

http://www.gnu.org/licenses/fdl.html

About Radius
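RADIUS (Remote Authentication Dial In User Service) is a protocol used mainly to provide an Authentication mechanism that verifies a user's identity and password. Once that check passes, Authorization grants the user permission to log in to the network domain and use the relevant resources. It can also provide an Accounting mechanism that keeps a record of each user's network usage, which gives service providers a foundation for a complete authentication and billing scheme.
See RFC 2058 (January 1997) and RFC 2138 (April 1997).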


About FreeRadius

  • GNU General Public License (GPL) Software
  • Currently supports LDAP, MySQL, PostgreSQL and Oracle databases, as well as the EAP, EAP-MD5, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-PEAP and Cisco LEAP sub-types as authentication methods.
  • It also provides proxy with fail-over and load balancing.
  • Install FreeRadius(FreeBSD ports)
    cd /usr/ports/net/freeradius/
    make config install

    Install FreeRadius(tar ball)
    ./configure --without-snmp --with-rlm-ldap
    make
    make install

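    Configure FreeRadius with OpenLDAP
    edit /usr/local/etc/raddb/radiusd.conf
    Modify the ldap section inside modules:
    ldap {
        server = "ldap.ychsiao.org"
        # DN and password to bind with, if the directory requires a bind
        #identity = ""
        #password =
        basedn = "dc=your,dc=ldap,dc=dn"
        # %u expands to the User-Name from the request
        filter = "(&(objectclass=posixAccount)(uid=%u))"
    }
    If your LDAP server requires authentication before it allows queries, fill in the identity/password fields yourself.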
    authorize {
        preprocess
        chap
        suffix
        files   # the users file; the module is named "files"
        ldap
    }
    authenticate {
        Auth-Type LDAP {
            ldap
        }
    }
    edit /usr/local/etc/raddb/users
    DEFAULT Auth-Type = LDAP
            Fall-Through = 1

    edit /usr/local/etc/raddb/clients.conf
    secret = testing123 # the shared secret you plan to set for RADIUS

    Test FreeRadius
    /usr/local/sbin/radiusd -X (for Server)
    /usr/local/bin/radtest ychsiao yourpassword localhost 0 testing123 (for client)
    Sending Access-Request of id 242 to 127.0.0.1:1812
    User-Name = "ychsiao"
    User-Password = "yourpassword"
    NAS-IP-Address = ldap
    NAS-Port = 0
    Re-sending Access-Request of id 242 to 127.0.0.1:1812
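
What radtest puts on the wire in the test above, as an added example (not code from the original post or from the FreeRADIUS project): the Access-Request is built by hand and the User-Password attribute is hidden with MD5 and the shared secret from clients.conf, as RFC 2138 section 5.2 specifies. The function names and the fixed request authenticator are assumptions made for the illustration.

```python
"""Added illustration: RADIUS Access-Request with RFC 2138 sec. 5.2 password hiding."""
import hashlib
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    blocks = max(1, -(-len(password) // 16))   # pad even an empty password
    padded = password.ljust(16 * blocks, b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same masks, chained on the hidden blocks."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        clear += bytes(c ^ m for c, m in zip(prev, mask))
    return clear.rstrip(b"\x00")

def attribute(attr_type: int, value: bytes) -> bytes:
    """Attribute layout: type, length (2-byte header included), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(ident, user, password, secret, authenticator, nas_port=0) -> bytes:
    """Code 1 packet with User-Name (1), User-Password (2), NAS-Port (5)."""
    attrs = (attribute(1, user)
             + attribute(2, hide_password(password, secret, authenticator))
             + attribute(5, struct.pack("!I", nas_port)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

if __name__ == "__main__":
    # Constructed values mirroring the radtest call above; a real client
    # draws the 16-byte request authenticator at random for every request.
    auth = bytes(range(16))
    pkt = access_request(242, b"ychsiao", b"yourpassword", b"testing123", auth)
    print(len(pkt), pkt.hex())
    # The hidden password is the 16-byte value of the second attribute.
    print(reveal_password(pkt[31:47], b"testing123", auth))
```

The mask depends only on the shared secret and the request authenticator carried in the packet, so the secret in clients.conf is the only thing protecting the password in transit; testing123 suits a localhost test, and a deployed server needs a long random value per client.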

    Any issue?
    Please repost or email to me, thanks!

    Reference

  • Documents in /usr/local/etc/raddb
  • LDAP System Administration, O’Reilly
One Response to “FreeRadius+OpenLDAP with FreeBSD”

    1. ray says:

      Great article, your instruction works for my NAS (busybox) as well!

      Thanks for sharing the instruction.
