Setup FreeRadius Authentication with OpenLDAP
FreeRADIUS is an implementation of a RADIUS server and supports multiple authentication back ends. This article shows how to set up FreeRADIUS authentication against OpenLDAP.
Step 1: Setup OpenLDAP Server

First, an OpenLDAP server is required to complete the setup below. Use the following guide to install it:
Setup Openldap Server on CentOS, RHEL System
Step 2: Install freeradius Packages

Install all freeradius2 server packages on your system using the following command.

# yum install freeradius2 freeradius2-utils freeradius2-ldap

Step 3: Download Schema File
Download the RADIUS LDAP schema file and copy it to the LDAP schema directory using the commands below.
3.1 Download File
# wget http://open.rhx.it/phamm/schema/radius.schema
3.2 Copy file in schema directory
# cp radius.schema /etc/openldap/schema/
3.3 Include the file in the LDAP configuration file /etc/openldap/slapd.conf (restart slapd afterwards so the new attribute types and object classes are loaded)

include /etc/openldap/schema/radius.schema

Step 4: Edit Radius LDAP Files
Edit the RADIUS ldap module file /etc/raddb/modules/ldap and add the LDAP server details below. The bind password for the identity DN is stored in this same file, so keep it readable by root only; with start_tls = no, LDAP traffic between the RADIUS and LDAP hosts, including user password binds, is sent in cleartext.

# vim /etc/raddb/modules/ldap

ldap {
        server = "openldap.example.com"
        basedn = "dc=example,dc=com"
        identity = "cn=Manager,ou=people,dc=example,dc=com"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        base_filter = "(objectclass=radiusprofile)"
        start_tls = no
        groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
        profile_attribute = "radiusprofile"
        access_attr = "uid"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 10
        timeout = 4
        timelimit = 5
        net_timeout = 1
        set_auth_type = yes
}
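To see what the module configuration above actually expects from the directory, here is an added example (not part of the original article) that builds an LDIF entry the module will find: it carries objectClass radiusprofile to pass base_filter, a uid for filter and access_attr, a userPassword for the bind, and the radiusTunnel* attributes defined by the radius.schema from Step 3. It assumes radiusprofile is an auxiliary class that can be added to an inetOrgPerson, a people OU under dc=example,dc=com, and the Manager DN from the module file; the VLAN values are illustrative.

```shell
#!/bin/sh
# Added example, not from the original article: generate an LDIF entry that
# matches the ldap module configuration (base_filter, filter, access_attr).
# Assumptions: radius.schema from Step 3 is loaded, radiusprofile is AUXILIARY
# and can be combined with inetOrgPerson, users live under ou=people.

# make_radius_user_ldif UID CN HASHED_PASSWORD VLAN_ID
# HASHED_PASSWORD should be the output of slappasswd (e.g. "{SSHA}..."),
# never a cleartext password; the module binds as the user, so any hash
# format slapd can verify works.
make_radius_user_ldif() {
    uid="$1"; cn="$2"; hashed="$3"; vlan="$4"
    cat <<EOF
dn: uid=${uid},ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: radiusprofile
uid: ${uid}
cn: ${cn}
sn: ${cn}
userPassword: ${hashed}
radiusTunnelType: VLAN
radiusTunnelMediumType: IEEE-802
radiusTunnelPrivateGroupId: ${vlan}
EOF
}

# Load the entry using the identity DN from the module configuration.
# -W prompts for the bind password instead of exposing it on the command line.
add_radius_user() {
    make_radius_user_ldif "$@" | ldapadd -x -W \
        -H ldap://openldap.example.com \
        -D "cn=Manager,ou=people,dc=example,dc=com"
}

# Example (needs a reachable LDAP server and a hash from slappasswd):
#   add_radius_user ldapuser1 "LDAP User One" "$(slappasswd -s 'password')" 10
```

Entries that exist in the directory but lack objectClass radiusprofile are invisible to the module because of base_filter, which is the most common reason a user who can bind to LDAP still gets an Access-Reject from RADIUS.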
Edit /etc/freeradius/ldap.attrmap (the ${raddbdir}/ldap.attrmap file referenced by dictionary_mapping above) and add the following mappings.

# vim /etc/freeradius/ldap.attrmap

checkItem       User-Password                   userPassword
replyItem       Tunnel-Type                     radiusTunnelType
replyItem       Tunnel-Medium-Type              radiusTunnelMediumType
replyItem       Tunnel-Private-Group-Id         radiusTunnelPrivateGroupId

Step 5: Enable LDAP Authentication
After updating the files above, enable LDAP authentication in /etc/raddb/sites-available/inner-tunnel and /etc/raddb/sites-available/default by uncommenting the lines below in the authenticate section of each file. The ldap module must also be listed in the authorize section of the same files, because that is where set_auth_type = yes selects Auth-Type LDAP for users found in the directory.

Auth-Type LDAP {
        ldap
}

Step 6: Test Setup
Finally, test your setup using the following command.

# radtest ldapuser1 password ldap.example.com 2 testing123
Sending Access-Request of id 165 to 127.0.0.1 port 1812
        User-Name = "ldapuser1"
        User-Password = "password"
        NAS-IP-Address = 192.168.10.50
        NAS-Port = 2
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=165, length=64
        Filter-Id = "Enterasys:version=1:policy=Enterprise User"
If you get rad_recv: Access-Accept, authentication succeeded. An Access-Reject or no reply at all means the LDAP lookup or the user bind failed; running the server in the foreground with radiusd -X shows the module's search and bind results for each request.
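The radtest check above is easy to script, and a script can also run the negative case that a manual test usually skips. The following is an added example, not part of the original article: it classifies a radtest transcript, sends a request through radtest, and checks that a user is visible through the same filter the ldap module builds. It assumes radtest (freeradius2-utils) and ldapsearch are installed, a local server on 127.0.0.1:1812 with the client secret testing123 from Step 6, and the LDAP host, base DN and filters from the Step 4 module configuration.

```shell
#!/bin/sh
# Added example, not from the original article: verification helpers for the
# LDAP-backed RADIUS setup. Assumes radtest and ldapsearch are installed, the
# server listens on 127.0.0.1:1812 with secret "testing123", and the LDAP host,
# base DN and filters match the ldap module configuration from Step 4.

# Classify a radtest transcript: prints accept, reject or none and returns 0
# only for an Access-Accept, so it can be used directly in if/&& chains.
radius_reply_status() {
    transcript="$1"
    case "$transcript" in
        *"Access-Accept packet"*) echo accept; return 0 ;;
        *"Access-Reject packet"*) echo reject; return 1 ;;
        *)                        echo none;   return 2 ;;
    esac
}

# Send one Access-Request with radtest and classify the reply.
# Usage: radius_check USER PASSWORD [SERVER] [SECRET]
radius_check() {
    user="$1"; pass="$2"; server="${3:-127.0.0.1}"; secret="${4:-testing123}"
    out=$(radtest "$user" "$pass" "$server" 2 "$secret" 2>&1)
    radius_reply_status "$out"
}

# Confirm the entry is visible through the same filter the ldap module builds
# from base_filter and filter. An entry without objectClass radiusprofile
# exists in LDAP but is invisible to RADIUS and yields an Access-Reject.
ldap_user_visible() {
    user="$1"
    ldapsearch -x -LLL -H ldap://openldap.example.com -b "dc=example,dc=com" \
        "(&(objectclass=radiusprofile)(uid=${user}))" dn | grep -q '^dn: '
}

# Example run (needs the live servers). A correct password must be accepted
# and a wrong one rejected; an accept for the wrong password means the
# password is not actually being checked against LDAP.
#   ldap_user_visible ldapuser1 || echo "ldapuser1 not matched by the radiusprofile filter"
#   radius_check ldapuser1 password
#   radius_check ldapuser1 wrong-password
```

Running the wrong-password case alongside the good one is the part worth keeping: a misconfigured authorize section or a missing checkItem can leave the server accepting anything for a known user, and only the negative test reveals it.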
Congratulations! You have successfully configured FreeRADIUS authentication with OpenLDAP.