Configuring the RADIUS server involves configuring the RADIUS server and the RADIUS client (for authentication and authorization). FreeRADIUS configuration files are usually stored in the /etc/raddb folder. The following example demonstrates how to configure the FreeRADIUS server for authentication and LDAP support:
log_auth = yes (log authentication requests to the log file) log_auth_badpass = no (don't log passwords if request rejected) log_auth_goodpass = no (don't log passwords if request accepted)
Print
this page
Email this topic
Feedback
View PDF
Download EPUB
modules {
ldap {
server = "ldaptest.extremenetworks.com"
basedn = "o=ldaptestdemo,dc=extremenetworks,dc=com"
filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
base_filter = "(objectclass=radiusprofile)"
start_tls = no
dictionary_mapping = ${raddbdir}/ldap.attrmap
authtype = ldap
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
}
}
authorize {
preprocess
chap
mschap
suffix
ldap
eap
files
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
unix
ldap
eap
An Extreme Networks edge switch serves as a network access server (NAS) for workstations and as a RADIUS client for the RADIUS server.
client 192.168.1.1 {
secret = extreme1
shortname = ldap-demo
}