dusty at doris dot cc
01-09-2003
-This document decribes how to setup Freeradius on a Freebsd machine
+This document describes how to setup Freeradius on a Freebsd machine
using LDAP as a backend. This is by no means complete and your
mileage may vary. If you are having any problems with the setup of
your freeradius installation, please read the documentation that comes
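Review bot: the corrected line "+This document describes how to setup Freeradius on a Freebsd machine" still uses "setup" as a verb and spells the project names "Freeradius" and "Freebsd", while the comments added further down in this same patch write "FreeRADIUS". Since the line is being touched anyway, suggest "how to set up FreeRADIUS on a FreeBSD machine" so the spelling is consistent within the document.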
servers that we have so some are acting as a primary to some NAS's and
acting as a secondary to others. In the event of a radius failure,
the NAS should failover to the backup radius server. How to configure
-this is dependant on the particular NAS being used.
+this is dependent on the particular NAS being used.
Will use Radius acct data Billing will provision
ldap_cache_size = 0
ldap_connections_number = 10
#password_header = {clear}
+#While integrating FreeRADIUS with Novell eDirectory, set
+#'password_attribute = nspmpassword' in order to use the universal password
+#of the eDirectory users for RADIUS authentication. This will work only if
+#FreeRADIUS is configured to build with --with-edir option.
password_attribute = userPassword
+#Comment out the following to disable the eDirectory account policy check and
+#intruder detection. This will work only if FreeRADIUS is configured to build
+#with --with-edir option.
+#edir_account_policy_check=no
groupname_attribute = radiusGroupName
groupmembership_filter = (&(uid=%{Stripped-User-Name:-%{User-Name}})
(objectclass=radiusprofile))
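Review bot: the added comment "#Comment out the following to disable the eDirectory account policy check and" sits directly above "#edir_account_policy_check=no", which is already commented out, so the instruction reads backwards: as written, the reader has to uncomment the line to set the value to no. Suggest "Uncomment the following to disable ..." and a statement of what applies when the line is left commented, since this setting turns off the account policy check and intruder detection and an administrator should not have to guess which state the sample leaves them in. Minor: the new comment lines have no space after "#", and the setting is written without spaces around "=", unlike the neighbouring "password_attribute = userPassword".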
file will start with either a username to determine how to authorize a specific
user, or a DEFAULT setting. In each line it will define what items must be
present for there to be a match in the form of attribute == value. If all the
-required attributes are matched, then attributes specified with attribte :=
+required attributes are matched, then attributes specified with attribute :=
value will be set for that user. If no match is found the users file will
continue to be processed until there is a match. The last DEFAULT setting will
be set as a catch-all, in case there is no previous match. If a match is made,
-run slapcat to see what the directory looks like
$ slapcat
-If all went well the LDAP directory should be up and running and propogated to
+If all went well the LDAP directory should be up and running and propagated to
the slaves. Now you can add your users to the master.
Now its time to setup FreeRadius. First cd into /usr/local/etc/raddb and take
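Review bot: removing "-run slapcat to see what the directory looks like" leaves the "$ slapcat" line with no explanation in the visible context, so the reader is handed a bare command without being told why to run it or what to look for. Suggest keeping a one-line lead-in, capitalised ("Run slapcat to see what the directory looks like"), rather than dropping it. The context line "Now its time to setup FreeRadius" also still has "its" for "it's" and "setup" as a verb, which would fit in the same spelling pass as "propagated".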
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
-usercollide = no
-lower_user = before # lowercase username before auth
-lower_pass = no
-nospace_user = before
-nospace_pass = no
# The program to execute to do concurrency checks.
#checkrad = ${sbindir}/checkrad
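Review bot: the five removed settings ("-usercollide = no", "-lower_user = before # lowercase username before auth", "-nospace_user = before" and the two matching _pass lines) disappear from the sample with nothing in the document saying why. A reader who followed the earlier version of this howto may still have them in radiusd.conf, and "lower_user = before" was the only place the sample said that usernames are lowercased before authentication. Suggest adding a sentence near this block stating whether these lines should be deleted from an existing configuration and, if lowercasing or space stripping is still wanted, where it is configured now.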