
1. cd /usr/ports/net/freeradius2/  ==> make install clean  (select the LDAP option in the port's configuration dialog, otherwise rlm_ldap is not built)

2. cd /usr/local/etc/raddb/certs/  ==> make  (generates the CA, server and client certificates and keys used by EAP-TLS in step 4)

3. cd sites-enabled/ , vi the default file: list ldap in the authorize section and add an Auth-Type LDAP sub-section to authenticate, so the server binds to the directory as the user with the password it received

authorize {
#   ... (other modules as shipped)
    ldap
}

................

authenticate {
#   ... (other Auth-Type sections as shipped)
    Auth-Type LDAP {
        ldap
    }
}

save and exit

4. vi eap.conf: make TLS the default EAP method; random_file sits in the tls { } sub-section and points at the certs directory from step 2

eap {
#   ...
    default_eap_type = tls
    ......
    random_file = ${certdir}/random
    ......
}

save and exit

 

5, vi modules/ldap: point the module at the directory and at the subtree holding the users; with identity/password commented out the user search is an anonymous bind, and the user's own DN and password are then used for the authentication bind

ldap {
#
# Note that this needs to match the name in the LDAP
# server certificate, if you're using ldaps.
    server = "ldap.test.com"
#   identity = "cn=admin,o=My Org,c=UA"
#   password = mypass
    basedn = "dc=test,dc=com"
    filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
#   base_filter = "(objectclass=radiusprofile)"
    ......
}

save and exit

As configured here the module talks to ldap.test.com on port 389 without TLS (the step 10 debug output shows the bind going to :389), so every user's password crosses the network in clear inside the bind. Outside a lab, use ldaps or the module's tls { } sub-section, and make server match the name in the directory's certificate as the comment above says.

6. Start radiusd in the foreground in debug mode, so the tests below show what the server does  ==> radiusd -X

7. vi clients.conf

add the lines below (a client entry for the NAS subnet that will send requests):

client 211.1.1.0/24 {
    secret = 1qaz2wsx
    shortname = Yves_test
}

The shared secret is the only thing protecting the hidden User-Password and the Message-Authenticator on the wire, so a short keyboard-walk value shared by a whole /24 is acceptable only in a test lab; give each NAS its own long random secret.

 

8. vi the users file

add the entry below (the reply item goes on its own indented line under the check line):

test    Cleartext-Password := "test"
        Reply-Message = "Hello, %{User-Name}"

 

9. Test the local user from step 8  ==> radtest test test localhost 0 testing123
(testing123 is the secret of the localhost client shipped in clients.conf; the 0 is the NAS-Port)

A successful result looks like this  ==>

radtest test test localhost 0 testing123
Sending Access-Request of id 177 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 211.1.1.100
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=177, length=33
Reply-Message = "Hello, test"

 

10. Test an LDAP user (abc exists only in the directory, not in the users file)

result  ==>

radtest abc abc localhost 0 testing123
Sending Access-Request of id 205 to 127.0.0.1 port 1812
User-Name = "abc"
User-Password = "abc"
NAS-IP-Address = 211.1.1.100
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=205, length=20

 

radiusd -X debug output for the LDAP bind (note that the first line prints the user's password in clear, so -X output must never be captured into persistent logs):

[ldap] login attempt by "abc" with password "abc"
[ldap] user DN: uid=abc,ou=people,dc=test,dc=com
[ldap] (re)connect to ldap.test.com:389, authentication 1
[ldap] bind as uid=abc,ou=people,dc=test,dc=com/abc to ldap.test.com:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] user abc authenticated succesfully
++[ldap] = ok
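To make the two radtest exchanges above concrete, here is an added example (not code from the page or from FreeRADIUS) that rebuilds the step 9 Access-Request and its Access-Accept with the Python standard library, following RFC 2865 and RFC 2869. It uses the page's own values (id 177, user test/test, NAS-IP-Address 211.1.1.100, NAS-Port 0, secret testing123, Reply-Message "Hello, test"); the Access-Accept bytes are constructed here, not captured, but their length comes out as the 33 shown in the step 9 log. It also shows why radtest prints Message-Authenticator as all zeros (the HMAC is computed over the zeroed placeholder), and that the hidden PAP password is recoverable by anyone holding the shared secret and a capture of the packet, which is the reason the clients.conf secret matters.

```python
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5
REPLY_MESSAGE, MESSAGE_AUTHENTICATOR = 18, 80

def avp(attr_type, value):
    """One attribute: 1-byte type, 1-byte length (header included), value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value

def hide_password(password, secret, authenticator):
    """RFC 2865 s5.2: pad to a multiple of 16, XOR each block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out

def reveal_password(hidden, secret, authenticator):
    """Inverse of hide_password: the shared secret plus the Request Authenticator recover the PAP password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(ident, secret, username, password, nas_ip, nas_port, authenticator=None):
    """The Access-Request radtest sends: hidden PAP password plus a Message-Authenticator (RFC 2869 s5.14)."""
    authenticator = authenticator or os.urandom(16)
    attrs = (avp(USER_NAME, username.encode())
             + avp(USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
             + avp(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + avp(NAS_PORT, struct.pack("!I", nas_port)))
    # HMAC-MD5 over the packet with the Message-Authenticator value zeroed; that zeroed
    # placeholder is what radtest prints as 0x0000... in its attribute dump.
    zeroed = attrs + avp(MESSAGE_AUTHENTICATOR, b"\x00" * 16)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(zeroed)) + authenticator
    mac = hmac.new(secret, header + zeroed, hashlib.md5).digest()
    return header + attrs + avp(MESSAGE_AUTHENTICATOR, mac)

def parse_packet(packet):
    """Split a RADIUS packet into (code, id, length, authenticator, [(type, value), ...])."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    attrs, pos = [], 20
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        attrs.append((attr_type, packet[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, ident, length, packet[4:20], attrs

def verify_message_authenticator(packet, secret):
    """True only if the HMAC was produced with the same shared secret the client used."""
    _, _, _, _, attrs = parse_packet(packet)
    mac = next((v for t, v in attrs if t == MESSAGE_AUTHENTICATOR), None)
    if mac is None:
        return False
    zeroed = b"".join(avp(t, b"\x00" * 16 if t == MESSAGE_AUTHENTICATOR else v) for t, v in attrs)
    return hmac.compare_digest(mac, hmac.new(secret, packet[:20] + zeroed, hashlib.md5).digest())

def build_access_accept(request, secret, reply_message=None):
    """Server side: Response Authenticator = MD5(code+id+len + RequestAuth + attrs + secret) (RFC 2865 s3)."""
    _, ident, _, req_auth, _ = parse_packet(request)
    attrs = avp(REPLY_MESSAGE, reply_message.encode()) if reply_message else b""
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def verify_access_accept(request, response, secret):
    """Client side: reject a reply whose Response Authenticator does not match our request and secret."""
    _, _, _, req_auth, _ = parse_packet(request)
    expected = hashlib.md5(response[:4] + req_auth + response[20:] + secret).digest()
    return hmac.compare_digest(response[4:20], expected)

def demo(secret=b"testing123"):
    """Rebuild the step 9 exchange: id 177, user test/test, NAS 211.1.1.100, Reply-Message 'Hello, test'."""
    req = build_access_request(177, secret, "test", "test", "211.1.1.100", 0)
    acc = build_access_accept(req, secret, "Hello, test")   # constructed reply, not a capture
    hidden = next(v for t, v in parse_packet(req)[4] if t == USER_PASSWORD)
    return {
        "request_ok": verify_message_authenticator(req, secret),
        "accept_length": len(acc),                           # 33, as in the page's log (20 + Reply-Message)
        "accept_ok": verify_access_accept(req, acc, secret),
        "recovered_password": reveal_password(hidden, secret, req[4:20]),
    }

if __name__ == "__main__":
    print(demo())
```

The Access-Accept for the abc test in step 10 carries no attributes, so build_access_accept without a reply message gives the 20-byte packet the log shows. Note that none of this is encryption: MD5 hiding with the shared secret is all that stands between a packet capture and the PAP password, which is why the server also needs the Message-Authenticator and a strong per-NAS secret.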

 

 

Posted by yves2005 on PIXNET (痞客邦)