https://wiki.freeradius.org/guide/freeradius-active-directory-integration-howto
In order to get FreeRADIUS working, the following files must be configured:
- clients.conf
- mods-available/mschap
- mods-available/eap
- users
- Test AD
  - ldapsearch:

    ```
    ldapsearch -h localhost -p 10389 -D "uid=admin,ou=system" -w secret -b dc=example,dc=com objectclass=person
    ```

- Test FreeRADIUS
  - radtest
  - NTRadping
- Integration
  - Install: `apt install freeradius-ldap`
  - Change configs: mods-available and clients.conf
  - clients.conf: NAS or RADIUS clients (no MySQL DB), in `/etc/freeradius/3.0/clients.conf`:

    ```
    client 192.168.0.203 {
        secret = testing123
        shortname = 192.168.0.203
        nastype = laptop
    }
    ```

  - `/etc/freeradius/3.0/radiusd.conf`
  - mschap
  - eap
  - ldap module: show the active settings of `/etc/freeradius/3.0/mods-available/ldap` with comments and blank lines stripped:

    ```
    more /etc/freeradius/3.0/mods-available/ldap | grep "#" -v | grep -v "^[[:space:]]*$"
    ```

    The settings that must match the directory:

    ```
    port = 10389
    identity = 'uid=admin,ou=system'
    base_dn = 'dc=example,dc=com'
    ```

    The ldapsearch example above is against Apache Directory Server (ApacheDS), browsed with Apache Studio.
  - sites-available file: `/etc/freeradius/3.0/sites-available/default`: comment out (`#`) `files`; AUTHORIZATION: MSCHAP; AUTHENTICATION: LDAP. Also the inner-tunnel file and the site-name file.
  - inner-tunnel is a virtual server and handles only inner tunnel requests for EAP-TTLS and PEAP types.
  - `/etc/freeradius/3.0/ldap.attrmap`: in this file you map LDAP attributes to RADIUS dictionary attributes.
- radtest (radtest and MySQL query)
  - Template, then a concrete example:

    ```
    radtest -t mschap %user_name% %user_password% localhost 1812 %nas_password%
    radtest testuser1 password1 localhost 1812 testing123
    ```
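As an added defender-side check that is not part of the wiki page: a small Python parser for the `client <name> { ... }` block format used in clients.conf above, which flags any client whose shared secret is still the stock `testing123` value or is shorter than 16 characters. The sample clients.conf text is constructed; the first block is the page's own example.

```python
import re

# Constructed sample in the clients.conf format used on this page; the first
# block is the page's own example (with the stock FreeRADIUS secret), the
# second is a hardened client with a quoted secret and an explicit ipaddr.
SAMPLE_CLIENTS_CONF = """\
client 192.168.0.203 {
    secret = testing123
    shortname = 192.168.0.203
    nastype = laptop
}
client localhost {
    ipaddr = 127.0.0.1
    secret = "Zq7#vL2p!mX9rT4w"   # a '#' inside quotes is not a comment
}
"""

# One 'client <name> { ... }' block; nested sub-blocks are not handled here.
BLOCK_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
# key = value, where value is double-quoted, single-quoted, or bare up to
# whitespace or an unquoted '#' comment marker.
KV_RE = re.compile(r"""^\s*([A-Za-z_]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s#]*))""")

def parse_clients(text):
    """Return {client_name: {key: value}} for every client block in text."""
    clients = {}
    for name, body in BLOCK_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            m = KV_RE.match(line)
            if m:
                # exactly one of the three value groups matched
                attrs[m.group(1)] = next(g for g in m.groups()[1:] if g is not None)
        clients[name] = attrs
    return clients

def weak_secret_findings(text, min_len=16):
    """List (client, reason) for secrets that are the stock example or too short."""
    findings = []
    for name, attrs in parse_clients(text).items():
        secret = attrs.get("secret", "")
        if secret == "testing123":
            findings.append((name, "stock example secret 'testing123'"))
        elif len(secret) < min_len:
            findings.append((name, f"secret shorter than {min_len} characters"))
    return findings
```

Run it against the real file with `weak_secret_findings(open("/etc/freeradius/3.0/clients.conf").read())` before the server goes into production.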