freeradius\u7d50\u5408openldap<\/p>\n\n\n\n
1 2 3 5 freeradius\u7d50\u5408openldap 1\u8a2d\u5b9aFreeRa …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[21],"tags":[],"class_list":["post-686","post","type-post","status-publish","format-standard","hentry","category-linuxservice"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=686"}],"version-history":[{"count":0,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/686\/revisions"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\u8a2d\u5b9aFreeRadius \u8207 LDAP Server<\/strong>
# cd \/usr\/local\/etc\/raddb
# cp \/usr\/local\/share\/examples\/freeradius\/raddb\/ldap.attrmap .<\/p>\n\n\n\n
\u7de8\u8f2fuser\u9019\u6a94\u6848<\/strong>
\u8a2d\u5b9a\u4f7f\u7528ldap\u8a8d\u8b49
DEFAULT Auth-Type := LDAP
Fall-Through = 1<\/p>\n\n\n\n
\u8a2d\u5b9aradius.conf<\/strong>
\u5728module\u5340\u6bb5\u5167\u8a2d\u5b9a\u4ee5\u4e0b<\/strong>
ldap { #\u5b9a\u7fa9rlm_ldap\u6a21\u7d44
server = “127.0.0.1”
#ldap\u4e3b\u6a5f\u4f4d\u7f6e
identity = “cn=root,dc=xxx,dc=xxx,dc=xxx,dc=xxx”
password = xxxxxxx
#\u7e6b\u7d50ldap\u4e3b\u6a5f\u6703\u4f7f\u7528identity\u505a\u70badn,\u4f7f\u7528password\u505a\u70ba\u8a72\u5bc6\u78bc
basedn = “dc=xxx,dc=xxx,dc=xxx,dc=xxx”
#\u641c\u5c0b\u4f7f\u7684\u57fa\u672c\u8b58\u5225\u540d\u7a31
filter = “(uid=%{Stripped-User-Name:-%{User-Name}})”
#filter\u7684\u8a2d\u5b9a\u4f9d\u64darfc2254,\u9810\u8a2d\u503c\u70ba(uid=%u)
ldap_connections_number = 5
#radius\u6240\u80fd\u7dad\u6301\u7684\u9023\u7dda\u7e3d\u6578
password_attribute = userPassword
#\u4f7f\u7528\u8005\u5bc6\u78bc\u4e4b\u5c6c\u6027
password_header = “{crypt}”
#\u53bb\u9664\u5bc6\u78bc\u958b\u982d\u7684\u6a19\u982d,ex:{CRYPT}
access_attr = “uid”
dictionary_mapping = ${raddbdir}\/ldap.attrmap
edir_account_policy_check=no
timeout = 4
timelimit = 3
net_timeout = 1
}
\u5728authenticate\u5340\u6bb5\u5167\u8a2d\u5b9a\u4ee5\u4e0b<\/strong>
Auth-Type LDAP {
\u3000ldap
}
\u5728authorize\u5340\u6bb5\u5167\u8a2d\u5b9a\u4ee5\u4e0b<\/strong>
ldap<\/p>\n\n\n\n
4
\u8a2d\u5b9a client.conf<\/strong>
\u9996\u5148\u5148\u628a\u4e0b\u9762\u5340\u584a\u88e1\u7684\u5bc6\u78bc\u66f4\u6539\u4e00\u4e0b
client 127.0.0.1 {
\u3000secret = \u6821\u5712\u5167\u90e8\u5bc6\u78bc
}<\/p>\n\n\n\n
\u91cd\u555f\u52d5 FreeRadius<\/strong>
\u6e2c\u8a66 Radius \u662f\u5426\u6709\u53bb\u627e LDAP \u9a57\u8b49
\u57f7\u884cradtest <\u5e33\u865f> <\u5bc6\u78bc> < \u8a8d\u8b49\u4f4d\u5740[:\u8a8d\u8b49\u57e0]> < nas-port-number> < secret >
\u82e5\u6210\u529f\u6703\u51fa\u73ferad_recv: Access-Accept …\u7b49\u8a0a\u606f
\u82e5\u5931\u6557\u6703\u51fa\u73ferad_recv: Access-Reject …\u7b49\u8a0a\u606f<\/p>\n","protected":false},"excerpt":{"rendered":"