Setting up RADIUS involves configuring both the RADIUS server and the
RADIUS client (for authentication and authorization).
FreeRADIUS configuration files are usually stored in the /etc/raddb folder. The following
example demonstrates how to configure the FreeRADIUS server for authentication and LDAP
support:
- Modify the radiusd.conf file global settings:
    log_auth = yes            # log authentication requests to the log file
    log_auth_badpass = no     # don't log passwords if request rejected
    log_auth_goodpass = no    # don't log passwords if request accepted
- Modify LDAP Settings:
    modules {
        ldap {
            server = "ldaptest.extremenetworks.com"
            basedn = "o=ldaptestdemo,dc=extremenetworks,dc=com"
            filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
            base_filter = "(objectclass=radiusprofile)"
            start_tls = no    # StartTLS is disabled for the LDAP connection
            dictionary_mapping = ${raddbdir}/ldap.attrmap
            authtype = ldap
            ldap_connections_number = 5
            timeout = 4       # seconds to wait for an LDAP query to finish
            timelimit = 3     # seconds the LDAP server has to process the query
            net_timeout = 1   # seconds to wait for a network response
        }
    }
- Uncomment LDAP from the authorize section:
    authorize {
        preprocess
        chap
        mschap
        suffix
        ldap
        eap
        files
    }
- Uncomment LDAP from the authenticate section:
    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        unix
        ldap
        eap
    }

An Extreme Networks edge switch serves as a network access
server (NAS) for workstations and as a RADIUS client for the RADIUS
server.
RADIUS clients are configured in
/etc/raddb/clients.conf. There are two ways to configure RADIUS clients. Either group the
NAS by IP subnet or list the NAS by host name or IP address.
- Configure the RADIUS client using the second method.
    client 192.168.1.1 {
        secret = extreme1
        shortname = ldap-demo
    }
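
The following check is an added example, not part of the original guide or of FreeRADIUS itself. It parses the ldap module and client stanzas shown above and reports the settings a reviewer would question before production: start_tls = no (the LDAP bind and searches cross the network unencrypted) and an 8-character shared secret (RFC 2865 prefers at least 16 octets). The function names, the SAMPLE text and the MIN_SECRET_LEN threshold are assumptions made for this example.

```python
import re

# Constructed sample: settings copied from the configuration on this page.
SAMPLE = """
log_auth_goodpass = no
modules {
    ldap {
        server = "ldaptest.extremenetworks.com"
        filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
    }
}
client 192.168.1.1 {
    secret = extreme1
}
"""
MIN_SECRET_LEN = 16  # assumption: RFC 2865 prefers secrets of at least 16 octets

def parse(text):
    """Flatten nested blocks into {section path tuple: {key: value}}."""
    stack, out = [], {}
    lines = [l.strip() for l in text.splitlines() if not l.strip().startswith("#")]
    for line in lines:  # simplification: trailing "# ..." comments are not stripped
        if line.endswith("{"):
            stack.append(line[:-1].strip())  # "ldap", "client 192.168.1.1", ...
        elif line == "}":
            stack = stack[:-1]
        elif (m := re.match(r"([\w-]+)\s*=\s*(.*)", line)):
            out.setdefault(tuple(stack), {})[m.group(1)] = m.group(2).strip('"')
    return out

def audit(text):
    """Return (section, key, reason) for each setting that weakens the deployment."""
    findings = []
    for path, kv in parse(text).items():
        where, name = "/".join(path) or "global", (path[-1] if path else "")
        if name == "ldap" and kv.get("start_tls") != "yes" \
                and not kv.get("server", "").startswith("ldaps://"):
            findings.append((where, "start_tls", "LDAP bind and searches are not encrypted"))
        for key in ("log_auth_badpass", "log_auth_goodpass"):
            if kv.get(key) == "yes":
                findings.append((where, key, "user passwords are written to the log"))
        if name.startswith("client ") and len(kv.get("secret", "")) < MIN_SECRET_LEN:
            findings.append((where, "secret", "shared secret shorter than 16 characters"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

With start_tls = yes and a long random secret for each client, audit() returns an empty list.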