3. Radius authentication using LDAP

A Radius Server is a daemon for un*x operating systems which allows one to set up (guess what!) a radius protocol server, which is usually used for authentication and accounting of dial-up users. To use the server, you also need a correctly set up client which will talk to it, usually a terminal server or a PC with appropriate software which emulates it (PortSlave, radiusclient etc). [From the freeradius FAQ]

Radius has its own database of users; since this information is already contained in LDAP, however, it is more convenient to use that. There are several freeware Radius servers; the one with good support for LDAP is the FreeRadius server (http://www.freeradius.org). It is still a development version, but the LDAP module works fine.

3.1. FreeRadius Radiusd configuration

Once you have installed the server you have to configure it using the configuration files, which are located under /etc/raddb (or /usr/local/etc/raddb). In the radiusd.conf file edit:
Also edit the dictionary file:
And the users file to have a default authorization entry:
If you already set up an LDAP server for Un*x accounts management, this is enough. On the LDAP server, also ensure that the radius server can read all the posixAccount attributes (especially uid and userpassword).

3.2. Testing Radius Authentication

To test everything, start radiusd in debugging mode:
Then use the radtest program with a syntax like
If everything went fine you should receive an Access-Accept packet from the Radius server. You can also use stunnel in client mode to provide SSL on the connection between the Radius server and the LDAPS server. For details on SSL refer to Section 10.

3.3. Sample CISCO IOS Configuration

Just for completeness, here is a sample Cisco IOS configuration. This is outside the purpose of the HOWTO, however, so it may not suit your needs.
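To make clear what the radtest run in Section 3.2 actually exchanges with radiusd, and what "receiving an Access-Accept" means on the wire, here is an added Python example (not code from the HOWTO or from the FreeRadius project). It builds an Access-Request the way a RADIUS client does (RFC 2865: random Request Authenticator, User-Password hidden with MD5 of the shared secret), answers it with a stand-in for radiusd whose user lookup is a constructed dictionary in place of the LDAP posixAccount query, and then checks the Response Authenticator on the client side. The user name, password and shared secret below are constructed sample values, not anything from the page; the functions `hide_password`, `reveal_password`, `server_reply`, `check_reply` and `radtest` are names chosen here. The last case shows why a mismatched shared secret between the client and clients.conf yields no usable reply rather than a reject: the reply fails verification and is discarded.

```python
import hashlib
import hmac
import os
import struct

# RADIUS packet codes and attribute types from RFC 2865
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_PORT = 1, 2, 5


def _attr(attr_type, value):
    """Encode one attribute as type, length (header included), value."""
    return struct.pack(">BB", attr_type, len(value) + 2) + value


def _parse_attrs(data):
    """Return a dict of attribute type -> value for a packet body."""
    attrs = {}
    while len(data) >= 2:
        attr_type, length = data[0], data[1]
        if length < 2:          # malformed attribute: stop rather than loop forever
            break
        attrs[attr_type] = data[2:length]
        data = data[length:]
    return attrs


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to a multiple of 16 bytes, then XOR each block with
    MD5(secret + previous ciphertext block); the first block uses the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, authenticator):
    """Inverse of hide_password; this is what the server does before checking the directory."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out, prev = out + bytes(a ^ b for a, b in zip(block, key)), block
    return out.rstrip(b"\x00")


def build_access_request(identifier, username, password, secret, authenticator=None):
    """What radtest sends: Code, ID, Length, 16 random bytes, then the attributes."""
    authenticator = authenticator or os.urandom(16)
    body = (_attr(USER_NAME, username)
            + _attr(USER_PASSWORD, hide_password(password, secret, authenticator))
            + _attr(NAS_PORT, struct.pack(">I", 0)))
    header = struct.pack(">BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    return header + authenticator + body


def server_reply(request, secret, lookup):
    """Stand-in for radiusd: unhide the password, compare it with the entry returned by
    `lookup` (a constructed dict here, in place of the LDAP posixAccount query) and sign the
    reply with MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    identifier, req_auth = request[1], request[4:20]
    attrs = _parse_attrs(request[20:])
    user = attrs.get(USER_NAME, b"")
    password = reveal_password(attrs.get(USER_PASSWORD, b""), secret, req_auth)
    stored = lookup.get(user)
    ok = stored is not None and hmac.compare_digest(stored, password)
    header = struct.pack(">BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, identifier, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()


def check_reply(request, reply, secret):
    """Client-side check radtest performs: the ID must match the request and the Response
    Authenticator must verify under the shared secret. Returns the code, or None if bogus."""
    code, identifier, length = struct.unpack(">BBH", reply[:4])
    if identifier != request[1] or length != len(reply):
        return None
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return code if hmac.compare_digest(expected, reply[4:20]) else None


def radtest(username, password, secret, lookup, server_secret=None):
    """Simulate one radtest run end to end; `server_secret` lets the server use a different
    secret than the client, which is the usual misconfiguration when testing."""
    request = build_access_request(7, username, password, secret)
    reply = server_reply(request, server_secret or secret, lookup)
    code = check_reply(request, reply, secret)
    return {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject"}.get(code, "no valid reply")


# constructed sample directory and shared secret (not values from the HOWTO)
USERS = {b"jdoe": b"s3cret-pw"}
SECRET = b"testing123"

if __name__ == "__main__":
    print(radtest(b"jdoe", b"s3cret-pw", SECRET, USERS))
    print(radtest(b"jdoe", b"wrong", SECRET, USERS))
    print(radtest(b"jdoe", b"s3cret-pw", SECRET, USERS, server_secret=b"other"))
```

Two points worth noticing when reading radiusd -X output against this: the password is only obscured with the shared secret, not encrypted with anything stronger, which is why the LDAPS/stunnel leg between radiusd and the directory matters but does not protect the NAS-to-radiusd hop; and a silently missing reply to radtest usually means a secret mismatch, not a directory problem.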