    Setup FreeRadius Authentication with OpenLDAP

    By Rahul | February 13, 2013 | 2 Mins Read

    FreeRadius is an implementation of a RADIUS server. It supports multiple types of authentication. This article will help you set up FreeRadius authentication with OpenLDAP.

    Step 1: Setup OpenLDAP Server

    First, an OpenLDAP server must be set up before completing the steps below. Use the link below to install it.

    Setup Openldap Server on CentOS, RHEL System

    Step 2: Install freeradius Packages

    Install all the freeradius2 server packages on your system using the following command.

    # yum install freeradius2 freeradius2-utils freeradius2-ldap
    

    Step 3: Download Schema File

    Download the RADIUS LDAP schema file and copy it to the LDAP schema directory using the commands below.

    3.1 Download File

    # wget http://open.rhx.it/phamm/schema/radius.schema
    

    3.2 Copy file in schema directory

    # cp radius.schema /etc/openldap/schema/
    

    3.3 Include file in ldap configuration file /etc/openldap/slapd.conf

    include /etc/openldap/schema/radius.schema
    

    Step 4: Edit Radius LDAP Files

    Edit the RADIUS LDAP module file /etc/raddb/modules/ldap and add the LDAP server details below.

    # vim /etc/raddb/modules/ldap
    
    ldap {
    	server = "openldap.example.com"
    	basedn = "dc=example,dc=com"
    	identity = "cn=Manager,ou=people,dc=example,dc=com"
    	filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    	base_filter = "(objectclass=radiusprofile)"
    	start_tls = no
    	groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
    	profile_attribute = "radiusprofile"
    	access_attr = "uid"
    	dictionary_mapping = ${raddbdir}/ldap.attrmap
    	ldap_connections_number = 10
    	timeout = 4
    	timelimit = 5
    	net_timeout = 1
    	set_auth_type = yes
    }
    

    Edit /etc/freeradius/ldap.attrmap and add the following details.

    # vim /etc/freeradius/ldap.attrmap
    
    checkItem User-Password userPassword
    replyItem Tunnel-Type radiusTunnelType
    replyItem Tunnel-Medium-Type radiusTunnelMediumType
    replyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId
    

    Step 5: Enable LDAP Authentication

    After updating the above files, enable LDAP authentication in /etc/raddb/sites-available/inner-tunnel and /etc/raddb/sites-available/default by uncommenting the lines below.

    Auth-Type LDAP {
           ldap
    }
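
A check for Steps 4 and 5, added here as an example and not part of the original article or of FreeRADIUS: it parses a virtual-server file and the ldap module file and reports whether `ldap` is active in `authorize` (the line a commenter below points out), whether the `Auth-Type LDAP` block is active, and whether the LDAP connection runs without TLS. The sample files are constructed, the function names are hypothetical, and treating `port = 636` as LDAPS is an assumption.

```python
import re

# Constructed sample: a sites-available file after Step 5 as written, with the
# Auth-Type block uncommented but "ldap" in authorize still commented out.
SITE = """
authorize {
    preprocess
    # ldap
}
authenticate {
    Auth-Type LDAP {
        ldap
    }
}
"""

# Constructed excerpt of the Step 4 module file.
MODULE = """
ldap {
    server = "openldap.example.com"
    start_tls = no
    set_auth_type = yes
}
"""

def statements(text):
    """Yield (section_path, statement) for each active (non-comment) line."""
    path = ()
    for raw in text.splitlines():
        # Simplification: assumes no " #" sequence inside a quoted value.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if line.startswith("}"):
            path, line = path[:-1], line[1:].strip()
        if line.endswith("{"):
            path += (" ".join(line[:-1].split()),)
        elif line:
            yield path, line

def check_site(text):
    """Is ldap called in authorize, and is the Auth-Type LDAP block active?"""
    stmts = list(statements(text))
    def active(*suffix):
        return any(p[-len(suffix):] == suffix and s == "ldap" for p, s in stmts)
    return {"authorize_ldap": active("authorize"),
            "auth_type_ldap": active("authenticate", "Auth-Type LDAP")}

def ldap_in_clear(text):
    """True when neither StartTLS nor port 636 (assumed LDAPS) is configured."""
    opts = {}
    for p, s in statements(text):
        if p[:1] == ("ldap",) and "=" in s:
            key, value = s.split("=", 1)
            opts[key.strip()] = value.strip().strip('"')
    return opts.get("start_tls", "no") != "yes" and opts.get("port", "389") != "636"
```

With `start_tls = no` on the default port, the bind and the `userPassword` values read through ldap.attrmap cross the network to the LDAP server unencrypted.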
    

    Step 6: Test Setup

    Finally, test your setup using the following command.

    # radtest ldapuser1 password ldap.example.com 2 testing123
    
    Sending Access-Request of id 165 to 127.0.0.1 port 1812
    User-Name = "ldapuser1"
    User-Password = "password"
    NAS-IP-Address = 192.168.10.50
    NAS-Port = 2
    Message-Authenticator = 0x00000000000000000000000000000000
    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=165, length=64
    Filter-Id = "Enterasys:version=1:policy=Enterprise User"
    

    If you get rad_recv: Access-Accept, then authentication succeeded.

    Congratulations! You have successfully configured FreeRadius authentication with OpenLDAP.


    7 Comments

    1. carlos J. on May 6, 2019 8:54 pm

      You can explain the user format in ldap, so that this configuration works

    2. Declan Markls on February 11, 2019 8:59 am

      Great, but it would be helpful if you showed actually adding a user to openldap. This is a section that is completely missed. I have no idea what attributes to give to a user.

    3. Anil Kumar on December 3, 2018 9:54 am

      Please share the changes to be made in users.conf and clients.conf file.

      Regards

    4. Alessio Trivisonno on March 6, 2017 5:15 pm

      You forgot to uncomment the line

      #ldap

      in /etc/freeradius/sites-available/default and /etc/freeradius/sites-available/inner-tunnel in step 5.

      Without this option set Auth-Type isn’t set to ldap and the module ldap is not called resulting in an unauthorized authentication.

    5. Iksweet on January 10, 2016 2:37 pm

      Thanks for the nice article… One question: can I monitor my users' data and internet usage by using RADIUS with LDAP? I need my users' log… Please help.

    6. venky on August 25, 2015 7:02 pm

      Can you help with how to install on Debian?
      As I cannot find the package and instructions for it.

    7. longchamp outlet on April 20, 2013 6:12 pm

      You certainly have some agreeable opinions and views
