
Senin, 27 Juli 2009

Autentikasi FreeRADIUS dengan OpenLDAP

Konfigurasi SLAPD
# Work from the unpacked FreeRADIUS 1.1.6 source tree.
cd freeradius-1.1.6
# Copy the schema file shipped with the FreeRADIUS sources into slapd's schema
# directory (needs write access to /etc/ldap/schema/).
cp doc/examples/openldap.schema /etc/ldap/schema/
# Edit slapd.conf and add the include line for the copied schema.
# NOTE(review): slapd presumably has to be restarted before the schema is loaded - confirm.
vim /etc/ldap/slapd.conf
##########################################
# Line to add to /etc/ldap/slapd.conf: loads the schema file copied from the
# FreeRADIUS source tree.
# NOTE(review): presumably this schema supplies the RADIUS object classes and
# attributes (e.g. radiusprofile) - confirm against the file.
include /etc/ldap/schema/openldap.schema
##########################################

Konfigurasi FreeRadius
# Edit the main FreeRADIUS configuration; the ldap, authorize and authenticate
# sections shown below all live in this file.
vim /usr/local/etc/raddb/radiusd.conf

# rlm_ldap module instance: tells radiusd which directory to contact, which
# account to bind as, and how to locate the entry of the user logging in.
ldap {
# Directory server. It is the loopback address here, so LDAP traffic stays on this host.
# NOTE(review): if the directory is moved to another host, protect the connection
# with the module's TLS settings (e.g. start_tls) - confirm availability in this version.
server = "127.0.0.1"
# DN that radiusd itself binds as when it queries the directory.
# NOTE(review): a dedicated service account with read-only access is preferable - confirm
# what this DN is allowed to do.
identity = "cn=budi,dc=ardelindo,dc=com"
# Bind password for the identity above, stored in cleartext. Keep radiusd.conf
# readable only by the account radiusd runs as, and replace this sample value.
password = rahasia
# Subtree under which user entries are searched.
basedn = "dc=ardelindo,dc=com"
# Search filter: matches uid against Stripped-User-Name when it is set,
# otherwise against the User-Name from the request.
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
# base_filter = "(objectclass=radiusprofile)"
#access_attr = "dialupAccess"
# NOTE(review): this is a Novell eDirectory account-policy option; presumably it has
# no effect against OpenLDAP - confirm, and consider leaving it off.
edir_account_policy_check=yes
# File that maps LDAP attributes to RADIUS attributes.
dictionary_mapping = ${raddbdir}/ldap.attrmap
}


# authorize section: the modules listed here are consulted for every request;
# lines starting with # are disabled.
authorize {
preprocess
# NOTE(review): chap and mschap are enabled here, but the authenticate section on
# this page has the CHAP and MS-CHAP Auth-Type blocks commented out, and an LDAP
# bind needs the cleartext User-Password. CHAP/MS-CHAP requests presumably cannot
# succeed with this setup - confirm, and disable what is not used.
chap
mschap
#digest
#IPASS
# NOTE(review): presumably the realm instance that fills Stripped-User-Name, which
# the ldap filter prefers over User-Name - confirm.
suffix
#ntdomain
#eap
#files
#sql
#etc_smbpasswd
# Directory lookup of the user. The server log on this page shows
# "Found Auth-Type ldap" once this has run.
ldap
#daily
#checkval
#pap
}

# authenticate section: only Auth-Type LDAP is enabled, so the password check is
# an LDAP bind as the user. The server log on this page shows that bind being made
# with the password taken from the request, i.e. the request must carry a
# cleartext User-Password (PAP style).
authenticate {
#Auth-Type PAP {
#pap
#}
#Auth-Type CHAP {
#chap
#}
# MSCHAP authentication.
#Auth-Type MS-CHAP {
#mschap
#}
#digest
#pam

#unix

# Handled by the ldap module instance configured in the ldap { } section.
Auth-Type LDAP {
ldap
}
#eap
}

Uji Autentikasi Radius

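Sisi Klien (testing123 adalah shared secret bawaan FreeRADIUS untuk klien localhost; ganti dengan nilai sendiri sebelum dipakai di luar pengujian)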
root@ubuntu:~/hotspot/freeradius-1.1.6# radtest budi 23 localhost 0 testing123
Sending Access-Request of id 95 to 127.0.0.1 port 1812
User-Name = "budi"
User-Password = "23"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=95, length=20

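Log Server Radius
Catatan: log di bawah ini mencetak kata sandi pengguna dalam teks polos (baris "login attempt" dan "bind as"); keluaran sedetail ini tampaknya berasal dari mode debug, jadi sebaiknya tidak dibiarkan aktif atau disimpan di server produksi.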
rad_check_password: Found Auth-Type ldap
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 2
rlm_ldap: - authenticate
rlm_ldap: login attempt by "budi" with password "23"
rlm_ldap: user DN: uid=budi,ou=Users,dc=ardelindo,dc=com
rlm_ldap: (re)connect to 127.0.0.1:389, authentication 1
rlm_ldap: bind as uid=budi,ou=Users,dc=ardelindo,dc=com/23 to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user budi authenticated succesfully
modcall[authenticate]: module "ldap" returns ok for request 2
modcall: leaving group LDAP (returns ok) for request 2
Sending Access-Accept of id 129 to 127.0.0.1 port 44721
Finished request 2
Going to the next request
--- Walking the entire request list ---
