{"id":56,"date":"2005-02-10T19:43:33","date_gmt":"2005-02-10T11:43:33","guid":{"rendered":"https:\/\/blog.ychsiao.org\/?p=56"},"modified":"2005-02-11T04:16:00","modified_gmt":"2005-02-10T20:16:00","slug":"freeradius","status":"publish","type":"post","link":"https:\/\/blog.ychsiao.org\/?p=56","title":{"rendered":"FreeRadius+OpenLDAP with FreeBSD"},"content":{"rendered":"

AUTHOR<\/strong>
\n Yuan-Chung Hsiao (ychsiao AT ychsiao dot org)<\/p>\n

LICENSE<\/strong>
\n GNU Free Documentation License
\n Version 1.2, November 2002<\/p>\n

http:\/\/www.gnu.org\/licenses\/fdl.html<\/p>\n

About Radius<\/strong>
\nRadius( Remote Access Dial In User Service) Protocol\u4e3b\u8981\u7528\u4f86\u63d0\u4f9bAuthentication\u6a5f\u5236\uff0c\u7528\u4f86\u8fa8\u8a8d\u4f7f\u7528\u8005\u7684\u8eab\u4efd\u8207\u5bc6\u78bc\uff0c\u78ba\u8a8d\u901a\u904e\u4e4b\u5f8c\uff0c\u7d93\u7531Authorization\u6388\u6b0a\u4f7f\u7528\u8005\u767b\u5165\u7db2\u57df\u4f7f\u7528\u76f8\u95dc\u8cc7\u6e90\uff0c\u4e26\u53ef\u63d0\u4f9bAccounting\u6a5f\u5236\uff0c\u4fdd\u5b58\u4f7f\u7528\u8005\u7684\u7db2\u8def\u4f7f\u7528\u8a18\u9304\uff0c\u4ee5\u63d0\u4f9b\u7cfb\u7d71\u670d\u52d9\u696d\u8005\u5b8c\u6574\u8a8d\u8b49\u6536\u8cbb\u6a5f\u5236\u7684\u4e00\u500b\u57fa\u790e\u3002
\n\u8acb\u53c3\u8003RFC 2058<\/a>(January 1997)\u3001RFC 2138<\/a>(April 1997)<\/p>\n


\nAbout FreeRadius<\/strong><\/p>\n

  • GNU General Public License (GPL)<\/a> Software<\/li>\n
  • \u76ee\u524d\u6709\u652f\u63f4LDAP<\/a>\u3001MySQL<\/a>\u3001PostgreSQL<\/a>\u3001 Oracle<\/a>\u8cc7\u6599\u5eab\uff0c\u9084\u6709EAP\u3001EAP-MD5\u3001EAP-SIM\u3001EAP-TLS\u3001EAP-TTLS\u3001EAP-PEAP\u53caCisco LEAP sub-types\u52a0\u5bc6\u65b9\u5f0f\u3002<\/li>\n
  • \u7576\u7136\u4e5f\u6709proxy with fail-over\u53ca\u8ca0\u8f09\u5e73\u885d(load balancing)<\/li>\n

    Install FreeRadius(FreeBSD ports)<\/strong>
    \ncd \/usr\/ports\/net\/freeradius\/
    \nmake config install<\/code><\/p>\n

    Install FreeRadius(tar ball)<\/strong>
    \n.\/configure --without-snmp --with-rlm-ldap
    \nmake
    \nmake install<\/code><\/p>\n

    Configurel FreeRadius with OpenLDAP<\/strong>
    \nedit \/usr\/local\/etc\/raddb\/radius.conf
    \n\u4fee\u6539modules\u88e1\u7684LDAP
    \n ldap {
    \n server = “ldap.ychsiao.org”
    \n #identity = “”
    \n #password =
    \n basedn = “dc=your,dc=ldap,dc=dn”
    \n filter = “(&(objectclass=posixAccount)(uid=%u))”
    \n }
    \n\u5982\u679c\u4f60\u7684LDAP\u9700\u8981\u8a8d\u8b49\u624d\u80fd\u505a\u67e5\u8a62\uff0c\u8acb\u81ea\u884c\u4fee\u6539identity\/password\u6b04\u4f4d
    \n authorize {
    \n preprocess
    \n chap
    \n suffix
    \n file
    \n ldap
    \n }
    \nauthenticate {
    \n Auth-Type LDAP {
    \n ldap
    \n }
    \n}
    \nedit \/usr\/local\/etc\/raddb\/users
    \nDEFAULT Auth-Type = LDAP
    \n Fall-Through = 1<\/p>\n

    edit \/usr\/local\/etc\/raddb\/clients.conf
    \n secret = testing123 #\u4f60radius\u6253\u7b97\u8a2d\u7684\u5bc6\u78bc<\/strong><\/p>\n

    Test FreeRadius<\/strong>
    \n\/usr\/local\/sbin\/radius -X (for Server)
    \n\/usr\/local\/bin\/radtest ychsiao yourpassword localhost 0 testing123 (for client)
    \nSending Access-Request of id 242 to 127.0.0.1:1812
    \n User-Name = \"ychsiao\"
    \n User-Password = \"yourpassword\"
    \n NAS-IP-Address = ldap
    \n NAS-Port = 0
    \nRe-sending Access-Request of id 242 to 127.0.0.1:1812<\/code><\/p>\n

    Any issue?<\/strong>
    \nPlease repost or email to me, thanks!<\/p>\n

    Reference<\/strong><\/p>\n

  • Documents in \/usr\/local\/etc\/raddb<\/li>\n
  • LDAP System Administration, O’Reilly<\/a><\/li>\n","protected":false},"excerpt":{"rendered":"

    FreeRadius with OpenLDAP in FreeBSD<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[],"tags":[13,12,11,3],"class_list":["post-56","post","type-post","status-publish","format-standard","hentry","tag-document","tag-freebsd","tag-opensource","tag-unix"],"_links":{"self":[{"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=\/wp\/v2\/posts\/56","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=56"}],"version-history":[{"count":0,"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=\/wp\/v2\/posts\/56\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=56"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=56"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=56"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}