Monday, April 16, 2012

FreeRADIUS and LDAP (just installed it)

While rummaging through the packages needed for RADIUS authentication, I came across freeradius-ldap. It looked like a good fit, so I installed it right away.
$ sudo yum install freeradius-ldap
:(omitted)
Dependencies Resolved

=========================================================================================
 Package                   Arch             Version                 Repository      Size
=========================================================================================
Installing:
 freeradius-ldap           x86_64           2.1.10-5.el6            base            61 k
Installing for dependencies:
 freeradius                x86_64           2.1.10-5.el6            base           1.3 M

Transaction Summary
=========================================================================================
Install       2 Package(s)

Total download size: 1.4 M
Installed size: 5.5 M
Is this ok [y/N]: y
The configuration files live here.
[raddb]# pwd
/etc/raddb
[raddb]# ls
acct_users                 certs         huntgroups      proxy.conf       sqlippool.conf
attrs                      clients.conf  ldap.attrmap    radiusd.conf     templates.conf
attrs.access_challenge     dictionary    modules         sites-available  users
attrs.access_reject        eap.conf      policy.conf     sites-enabled
attrs.accounting_response  example.pl    policy.txt      sql
attrs.pre-proxy            hints         preproxy_users  sql.conf
[raddb]# 
The LDAP configuration was there too, in modules/ldap.
# -*- text -*-
#
#  $Id$

# Lightweight Directory Access Protocol (LDAP)
#
#  This module definition allows you to use LDAP for
#  authorization and authentication.
#
#  See raddb/sites-available/default for reference to the
#  ldap module in the authorize and authenticate sections.
#
#  However, LDAP can be used for authentication ONLY when the
#  Access-Request packet contains a clear-text User-Password
#  attribute.  LDAP authentication will NOT work for any other
#  authentication method.
#
#  This means that LDAP servers don't understand EAP.  If you
#  force "Auth-Type = LDAP", and then send the server a
#  request containing EAP authentication, then authentication
#  WILL NOT WORK.
#
#  The solution is to use the default configuration, which does
#  work.
#
#  Setting "Auth-Type = LDAP" is ALMOST ALWAYS WRONG.  We
#  really can't emphasize this enough.
# 
ldap {
 #
 #  Note that this needs to match the name in the LDAP
 #  server certificate, if you're using ldaps.
 server = "ldap.your.domain"
 #identity = "cn=admin,o=My Org,c=UA"
 #password = mypass
 basedn = "o=My Org,c=UA"
 filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
 #base_filter = "(objectclass=radiusprofile)"
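
The comments in modules/ldap warn that forcing "Auth-Type = LDAP" breaks EAP and every other method that does not send a clear-text User-Password. A small check for that setting, as an added example that is not part of the original post or of FreeRADIUS: it scans raddb text for assignments that set Auth-Type to LDAP. The regex, the function names and the sample input are assumptions constructed here; the users and sites-enabled paths come from the directory listing above.

```python
import re
from pathlib import Path

# An operator (= or :=) after Auth-Type means the value is being set.
# "Auth-Type LDAP {" in an authenticate section only defines the handler
# and is not matched; neither is the comparison "Auth-Type == LDAP".
FORCED = re.compile(r'(?<![\w-])Auth-Type\s*:?=\s*"?LDAP(?![\w-])', re.IGNORECASE)

def find_forced_ldap(files):
    """files maps path -> text; returns (path, line number, line) per hit."""
    hits = []
    for path, text in sorted(files.items()):
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.split("#", 1)[0].strip()  # naive comment strip
            if FORCED.search(line):
                hits.append((path, lineno, line))
    return hits

def load_raddb(root="/etc/raddb"):
    """Read the users file and every enabled virtual server under root."""
    base = Path(root)
    paths = [base / "users", *sorted((base / "sites-enabled").glob("*"))]
    return {str(p): p.read_text(errors="replace") for p in paths if p.is_file()}

# Constructed sample input, not taken from the post.
SAMPLE = {
    "users": (
        "# DEFAULT Auth-Type := LDAP\n"
        "DEFAULT Auth-Type := LDAP\n"
        "\tFall-Through = 1\n"
    ),
    "sites-enabled/default": (
        "authorize {\n"
        "\tldap\n"
        "}\n"
        "authenticate {\n"
        "\tAuth-Type LDAP {\n"
        "\t\tldap\n"
        "\t}\n"
        "}\n"
    ),
}

if __name__ == "__main__":
    for path, lineno, line in find_forced_ldap(SAMPLE):
        print(f"{path}:{lineno}: forced LDAP auth type: {line}")
```

To check a live server, pass `load_raddb()` to `find_forced_ldap()` as a user that can read /etc/raddb.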
