Run
yum install freeradius freeradius-ldap freeradius-utils -y
Edit the /etc/raddb/mods-available/ldap file
ldap {
    server = "127.0.0.1" # address of your OpenLDAP server
    port = 389 # port of your OpenLDAP server
    identity = "cn=Manager,dc=example,dc=com" # your OpenLDAP administrator account (bind DN)
    password = password # password for the account above
    base_dn = "dc=example,dc=com" # base_dn of your OpenLDAP directory
}
Create /etc/raddb/sites-available/ldap and add the following content
server site_ldap {
    listen {
        ipaddr = 0.0.0.0
        port = 1833
        type = auth
    }
    authorize {
        update {
            control:Auth-Type := ldap
        }
    }
    authenticate {
        Auth-Type ldap {
            ldap
        }
    }
    post-auth {
        Post-Auth-Type Reject {
        }
    }
}
Symlink /etc/raddb/sites-available/ldap into /etc/raddb/sites-enabled
shell> ln -s /etc/raddb/sites-available/ldap /etc/raddb/sites-enabled/
Test whether it works
$ radtest username password localhost:1833 0 testing123
Output on success
Sending Access-Request Id 120 from 0.0.0.0:43392 to 127.0.0.1:1833
User-Name = 'username'
User-Password = 'password'
NAS-IP-Address = 10.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00
Received Access-Accept Id 120 from 127.0.0.1:1833 to 127.0.0.1:43392 length 20
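The shell functions below are an added example, not part of the original page or of FreeRADIUS. They audit the files from the steps above for a dangling sites-enabled link, a world-readable bind-password file, a wildcard listener and the stock testing123 secret. The clients.conf location under /etc/raddb and the finding labels are assumptions.

```shell
#!/bin/sh
# Added example: audit the files created in the steps above.
# Each check prints one finding per problem and nothing when the file is fine.

# A sites-enabled symlink whose target does not exist cannot be loaded.
check_site_links() {
    for l in "$1"/sites-enabled/*; do
        [ -L "$l" ] || continue
        if [ ! -e "$l" ]; then echo "DANGLING $l"; fi
    done
}

# mods-available/ldap holds the LDAP bind password in clear text.
check_secret_perms() {
    if [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; then
        echo "WORLD-READABLE $1"
    fi
}

# ipaddr = 0.0.0.0 (or *) accepts requests on every interface.
check_listen() {
    if grep -Eq '^[[:space:]]*ipaddr[[:space:]]*=[[:space:]]*(0\.0\.0\.0|\*)' "$1" 2>/dev/null; then
        echo "WILDCARD-LISTEN $1"
    fi
}

# testing123 is the stock shared secret of the localhost client.
check_default_secret() {
    if grep -Eq '^[[:space:]]*secret[[:space:]]*=[[:space:]]*testing123' "$1" 2>/dev/null; then
        echo "DEFAULT-SECRET $1"
    fi
}

# audit_raddb DIR: run all checks; return 1 if any finding was printed.
audit_raddb() {
    raddb="${1:-/etc/raddb}"
    findings=$(
        check_site_links "$raddb"
        check_secret_perms "$raddb/mods-available/ldap"
        check_listen "$raddb/sites-available/ldap"
        check_default_secret "$raddb/clients.conf"   # assumed location
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

if [ "${1:-}" = "--run" ]; then audit_raddb "${2:-/etc/raddb}"; fi
```

Run it as `sh audit.sh --run /etc/raddb` (the script name is hypothetical); an empty result with exit status 0 means none of the four conditions was found.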