2008-04-02
freeRADIUS and LDAP integration - continued
Editing /etc/raddb/radiusd.conf
# identity: DN under which LDAP searches are done
# password: password which authenticates this DN
# default: anonymous bind, no password required
# NOTE: searches are done now over unencrypted connection!
#
# identity = "cn=admin,o=My Org,c=UA"
# password = mypass
http://wiki.freeradius.org/Rlm_ldap
The default is an anonymous bind, so delete the following two lines from the ldap { } section. With no identity configured, rlm_ldap looks up the user's DN anonymously, so the slapd ACL below has to grant anonymous read/search on the entries it searches; the user's own password is then checked by binding as the user's DN.
ldap {
identity = "cn=Manager,dc=hexa,dc=diary"
password = "secret"
}
Editing /etc/openldap/slapd.conf
Change the access directives to the following.
access to attrs=userPassword
        by dn="cn=Manager,dc=hexa,dc=diary" =rwcsx
        by anonymous auth
access to *
        by dn="cn=Manager,dc=hexa,dc=diary" =rwcsx
        by anonymous =rs
        by * none
Do not put a comment line directly under the access to attrs=userPassword line. In slapd.conf a line that begins with whitespace is a continuation of the previous line, so the indented by clauses belong to the access directive only if nothing sits between them and it; a comment in between leaves the directive without by clauses, slapd logs a warning, and the access line is ignored.
Authentication request (radclient)
echo "User-Name=hexa, User-Password=secret, NAS-Port=1, NAS-IP-Address=127.0.0.1" | radclient -x 192.168.1.6:1812 1 secret
Log (freeRADIUS)
rad_recv: Access-Request packet from host 192.168.1.2:54182, id=105, length=56
        User-Name = "hexa"
        User-Password = "secret"
        NAS-Port = 1
        NAS-IP-Address = 127.0.0.1
rlm_ldap: - authenticate
rlm_ldap: login attempt by "hexa" with password "secret"
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to 192.168.1.6:389, authentication 0
rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
rlm_ldap: bind as / to 192.168.1.6:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: user DN: cn=hexa,ou=Radius,dc=hexa,dc=diary
rlm_ldap: (re)connect to 192.168.1.6:389, authentication 1
rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
rlm_ldap: bind as cn=hexa,ou=Radius,dc=hexa,dc=diary/secret to 192.168.1.6:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user hexa authenticated succesfully
Sending Access-Accept of id 105 to 192.168.1.2 port 54182
Access-Accept came back, so the configuration is done. Two things in the log are worth noticing before leaving it like this outside a lab: the debug output prints the user's password in clear (radiusd -X does this for User-Password), and both LDAP binds go to 192.168.1.6:389 without TLS (the LDAP_OPT_X_TLS_REQUIRE_CERT lines show TLS was not set up), so the user's password crosses the network to slapd in the clear on every authentication.
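What the radclient command above puts on the wire, and what a client should check on the way back, as an added Python example (not code from the original post or from the freeRADIUS project): an RFC 2865 Access-Request encoder with PAP User-Password hiding, and a Response Authenticator check for the Access-Accept. The user name, password, packet id 105, NAS-Port, NAS-IP-Address and shared secret are the ones from the run above; the 16-byte Request Authenticator is a fixed constructed value (radclient uses a random one), and the resulting packet has the same length=56 that the freeRADIUS log reports.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes and attribute types (RFC 2865).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5

# Shared secret from the radclient command above. The Request Authenticator is a
# constructed constant so the output is reproducible; radclient picks a random one.
SHARED_SECRET = b"secret"
REQUEST_AUTHENTICATOR = bytes(range(16))


def encrypt_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to a multiple of 16 octets, then XOR each block with
    MD5(secret + previous block), where the first 'previous block' is the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    if not padded:
        padded = b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return out


def decrypt_user_password(blob: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of encrypt_user_password: anyone holding the shared secret and the
    packet can recover the password, which is why the secret (and the link) matter."""
    out, prev = b"", authenticator
    for i in range(0, len(blob), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(blob[i:i + 16], key))
        prev = blob[i:i + 16]
    return out.rstrip(b"\x00")  # removes the padding; passwords do not end in NUL


def attribute(atype: int, value: bytes) -> bytes:
    """Type-Length-Value attribute; Length includes the two header octets."""
    return struct.pack("!BB", atype, 2 + len(value)) + value


def parse_attributes(packet: bytes) -> list:
    """Walk the attribute list that follows the 20-octet RADIUS header."""
    attrs, pos = [], 20
    while pos < len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs


def build_access_request(ident, user, password, nas_port, nas_ip, secret, authenticator):
    """Same attributes, in the same order, as the rad_recv lines in the log above."""
    attrs = (
        attribute(USER_NAME, user.encode())
        + attribute(USER_PASSWORD, encrypt_user_password(password.encode(), secret, authenticator))
        + attribute(NAS_PORT, struct.pack("!I", nas_port))
        + attribute(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split(".")))
    )
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def build_response(code, request, secret, attrs=b""):
    """Server side. Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    resp_auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(response, request, secret) -> bool:
    """Client side. A reply whose authenticator does not match our request and secret is not from
    a server that knows the secret (or has been altered in transit) and must be discarded."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def demo():
    """Reproduce the exchange from the log: id 105, hexa/secret, NAS-Port 1, NAS-IP 127.0.0.1."""
    req = build_access_request(105, "hexa", "secret", 1, "127.0.0.1", SHARED_SECRET, REQUEST_AUTHENTICATOR)
    accept = build_response(ACCESS_ACCEPT, req, SHARED_SECRET)
    return req, accept


if __name__ == "__main__":
    req, accept = demo()
    print("Access-Request id=%d length=%d" % (req[1], len(req)))
    for atype, value in parse_attributes(req):
        print("  attr %d: %s" % (atype, value.hex()))
    print("Access-Accept verifies:", verify_response(accept, req, SHARED_SECRET))
```

The User-Password hiding is the only protection the password gets on the RADIUS leg, and it is keyed solely by the shared secret; the LDAP leg in this setup (simple bind to port 389, no TLS) carries the same password with no protection at all.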

