CentOS 7: Integrating FreeRADIUS 3 with OpenLDAP

Source: Internet  Editor: 程序博客网  Time: 2024/06/02 04:18



yum install freeradius freeradius-ldap freeradius-utils -y

Edit the /etc/raddb/mods-available/ldap file

ldap {
        server = "127.0.0.1"                       # address of your OpenLDAP server
        port = 389                                 # port of your OpenLDAP server
        identity = "cn=Manager,dc=example,dc=com"  # your OpenLDAP administrator account
        password = password                        # password for the account above
        base_dn = "dc=example,dc=com"              # base_dn used by your OpenLDAP directory
}
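When the OpenLDAP server is not on the same host, the settings above carry both the bind password and each user's password over port 389 in cleartext. The block below is an added example, not part of the original post: the same module settings with StartTLS and a dedicated search-only bind account. The hostname, bind DN, password and CA file path are placeholder assumptions.

```text
# Added example: hardened variant of the ldap module settings.
# Hostname, bind DN, password and CA path are placeholders, not values from the post.
ldap {
        server = "ldap.example.com"        # placeholder: a remote OpenLDAP host
        port = 389

        # Dedicated bind account (hypothetical DN) that only needs to search for
        # user entries, instead of cn=Manager. A leaked RADIUS config then does
        # not expose directory-administrator credentials.
        identity = "cn=radius-bind,ou=services,dc=example,dc=com"
        password = CHANGE_ME               # placeholder
        base_dn = "dc=example,dc=com"

        tls {
                start_tls = yes            # upgrade the port-389 connection to TLS
                ca_file = /etc/pki/tls/certs/ldap-ca.pem   # placeholder: CA that signed the LDAP server certificate
                require_cert = "demand"    # refuse the connection if the certificate does not verify
        }
}
```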


Create /etc/raddb/sites-available/ldap and add the following content

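server site_ldap {
    # Accept authentication requests on all interfaces, port 1833
    listen {
        ipaddr = 0.0.0.0
        port = 1833
        type = auth
    }
    # Force every request to be authenticated by the ldap module
    authorize {
        update {
            control:Auth-Type := ldap
        }
    }
    authenticate {
        Auth-Type ldap {
            ldap
        }
    }
    post-auth {
        Post-Auth-Type Reject {
        }
    }
}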


Symlink /etc/raddb/sites-available/ldap into /etc/raddb/sites-enabled

shell> ln -s /etc/raddb/sites-available/ldap /etc/raddb/sites-enabled/

Test whether it works

$ radtest username password localhost:1833 0 testing123

A successful response looks like this

Sending Access-Request Id 120 from 0.0.0.0:43392 to 127.0.0.1:1833
        User-Name = 'username'
        User-Password = 'password'
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x00
Received Access-Accept Id 120 from 127.0.0.1:1833 to 127.0.0.1:43392 length 20


Reference: http://secfree.github.io/blog/2014/03/04/fr09-freeradius3-ldap-auth.html




