--with-experimental-modules Use experimental and unstable modules. (default=no)
--enable-developer Turns on super-duper-extra-compile-warnings
when using gcc.
+ --with-edir Compile with support for Novell eDirectory
+ integration.
To get the defaults that Cistron Radius used up to 1.5.4.3-beta18, use:
ldap_cache_size = 0
ldap_connections_number = 10
#password_header = {clear}
+#While integrating FreeRADIUS with Novell eDirectory, set
+#'password_attribute = nspmpassword' in order to use the universal password
+#of the eDirectory users for RADIUS authentication. This will work only if
+#FreeRADIUS is configured to build with --with-edir option.
password_attribute = userPassword
+#Comment out the following to disable the eDirectory account policy check and
+#intruder detection. This will work only if FreeRADIUS is configured to build
+#with --with-edir option.
+#edir_account_policy_check=no
groupname_attribute = radiusGroupName
groupmembership_filter = (&(uid=%{Stripped-User-Name:-%{User-Name}})
(objectclass=radiusprofile))
# password_attribute: Define the attribute which contains the user
# password.
+# While integrating FreeRADIUS with Novell eDirectory, set
+# 'password_attribute = nspmpassword' in order to use the universal
+# password of the eDirectory users for RADIUS authentication. This will
+# work only if FreeRADIUS is configured to build with --with-edir option.
#
# default: NULL - don't add password
#
# password_attribute = "userPassword"
+# edir_account_policy_check: Specifies if the module has to enforce
+# Novell eDirectory account policy check and intruder detection for
+# RADIUS users. This will work only if FreeRADIUS is configured to build
+# with --with-edir option.
+#
+# default: yes - eDirectory account policy check enabled
+#
+# edir_account_policy_check = no
+
# groupname_attribute: The attribute containing group name in the LDAP
# server. It is used to search group by name.
#
# This goes for NT-Passwords stored in SQL, too.
#
# password_attribute = userPassword
+ #
+ # Un-comment the following to disable Novell eDirectory account
+ # policy check and intruder detection. This will work *only if*
+ # FreeRADIUS is configured to build with --with-edir option.
+ #
+ # edir_account_policy_check=no
+ #
# groupname_attribute = cn
# groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
# groupmembership_attribute = radiusGroupName
# sql
#
- # Access-Reject packets are sent through the REJECT sub-section
- # of the post-auth section.
+ # Un-comment the following if you have set
+ # 'edir_account_policy_check = yes' in the ldap module sub-section of
+ # the 'modules' section.
+ #
+# ldap
+ #
+ # Access-Reject packets are sent through the REJECT sub-section of the
+ # post-auth section.
+ # Uncomment the following and set the module name to the ldap instance
+ # name if you have set 'edir_account_policy_check = yes' in the ldap
+ # module sub-section of the 'modules' section.
#
# Post-Auth-Type REJECT {
# insert-module-name-here