Configuring RADIUS (Remote Authentication Dial In User Service) involves setting up both the RADIUS server and the RADIUS client (for authentication and authorization). FreeRADIUS configuration files are usually stored in the /etc/raddb directory. The following example shows how to configure the FreeRADIUS server for authentication and LDAP support:
log_auth = yes              # log authentication requests to the log file
log_auth_badpass = no       # don't log passwords if request rejected
log_auth_goodpass = no      # don't log passwords if request accepted
modules {
    ldap {
        server = "ldaptest.extremenetworks.com"
        basedn = "o=ldaptestdemo,dc=extremenetworks,dc=com"
        filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
        base_filter = "(objectclass=radiusprofile)"
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        authtype = ldap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }
}
authorize {
    preprocess
    chap
    mschap
    suffix
    ldap
    eap
    files
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    unix
    ldap
    eap
}
An Extreme Networks edge switch serves as a network access server (NAS) for workstations and as a RADIUS client for the RADIUS server. The following client entry on the RADIUS server identifies the switch:
client 192.168.1.1 {
    secret = extreme1
    shortname = ldap-demo
}
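The settings above that matter most for security are the password-logging flags, start_tls in the ldap module, and the client shared secret. The following Python check is an added example, not part of the original page or of FreeRADIUS; the parse and audit functions, the embedded sample, and the 16-character threshold (based on the preference stated in RFC 2865) are assumptions made for illustration.

```python
import re

# Constructed sample that mirrors the settings shown on this page.
SAMPLE = """
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
modules {
    ldap {
        server = "ldaptest.extremenetworks.com"
        start_tls = no
    }
}
client 192.168.1.1 {
    secret = extreme1
}
"""

OPEN = re.compile(r'^([\w.-]+(?:\s+[\w./:-]+)?)\s*\{$')   # "ldap {", "client 192.168.1.1 {"
ITEM = re.compile(r'^([\w-]+)\s*=\s*"?(.*?)"?$')          # key = value / key = "value"

def parse(text):
    """Flatten 'key = value' lines into {'section/sub/key': value}."""
    path, out = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (assumes no '#' in values)
        if line == "}":
            path = path[:-1]
        elif m := OPEN.match(line):
            path.append(m.group(1))
        elif m := ITEM.match(line):
            out["/".join(path + [m.group(1)])] = m.group(2)
    return out

def audit(text, min_secret_len=16):
    """Return (setting, reason) pairs; min_secret_len is an assumed policy value."""
    findings = []
    for key, val in parse(text).items():
        leaf = key.rsplit("/", 1)[-1]
        if leaf in ("log_auth_badpass", "log_auth_goodpass") and val == "yes":
            findings.append((key, "passwords are written to the log"))
        elif key == "modules/ldap/start_tls" and val == "no":
            findings.append((key, "StartTLS off: LDAP is cleartext unless LDAPS is used"))
        elif key.startswith("client ") and leaf == "secret" and len(val) < min_secret_len:
            findings.append((key, f"shared secret shorter than {min_secret_len} characters"))
    return findings

if __name__ == "__main__":
    for setting, reason in audit(SAMPLE):
        print(f"{setting}: {reason}")
```

Run against the sample, the check reports the start_tls setting and the eight-character client secret, and stays quiet on the two password-logging flags because both are set to no.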