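<!doctype html>
<html lang="ja">
<head>
  <meta charset="utf-8">
  <!--
    Section 3 of the Japanese edition of the LDAP Implementation HOWTO:
    authenticating RADIUS users against an LDAP directory with FreeRadius.
    The body text is stored as UTF-8; the listings keep one statement per
    line so they can be compared with the real configuration files.
    Lines marked NOTE(review) inside listings are reviewer annotations.
  -->
  <title>LDAP を使った Radius 認証</title>
  <meta name="generator" content="Modular DocBook HTML Stylesheet Version 1.54">
  <link rel="home" href="index.html" title="LDAP Implementation HOWTO">
  <link rel="previous" href="pamnss.html" title="pam_ldap と nss_ldap を使った LDAP 認証">
  <link rel="next" href="samba.html" title="Samba">
</head>
<body class="SECT1">
  <nav class="NAVHEADER" aria-label="Top navigation">
    <p>LDAP Implementation HOWTO</p>
    <ul>
      <li><a href="pamnss.html">Prev</a></li>
      <li><a href="samba.html">Next</a></li>
    </ul>
    <hr>
  </nav>

  <main class="SECT1">
    <h1 class="SECT1" id="RADIUS">3. LDAP を使った Radius 認証</h1>

    <p>Radius サーバは、Radius プロトコルサーバの開設を Un*x
    オペレーティングシステムで可能とするデーモンです。これはふつう、
    ダイアルアップユーザの認証およびアカウント管理のために使われます。
    サーバを利用するには、そのサーバに話しかけることになる
    クライアントも適切に設定する必要があります。通常、クライアントは
    ターミナルサーバか、またはターミナルサーバをエミュレートする
    適切なソフト (PortSlave や radiusclient 等々) のある PC です。
    [FreeRadius の FAQ より]</p>

    <p>Radius はユーザについての自前のデータベースを持っていますが、
    同じ情報が LDAP にも含まれているので、こっちを使う方が便利です！</p>

    <p>フリーウェアの Radius サーバは幾つかありますが、
    LDAP へのサポートが良いものに FreeRadius というサーバ
    (<a href="http://www.freeradius.org" target="_top">http://www.freeradius.org</a>)
    があります。これはまだ開発版とはいえ、
    LDAP モジュールはうまく動作しています。</p>

    <section class="SECT2">
      <h2 class="SECT2" id="AEN365">3.1. FreeRadius 版 Radiusd の設定</h2>

      <p>サーバをインストールしたなら、
      設定ファイルを用いて設定しなくてはなりません。
      設定ファイルは <code class="FILENAME">/etc/raddb</code>
      (または <code class="FILENAME">/usr/local/etc/raddb</code>)
      以下に配置されています。</p>

      <p><code class="FILENAME">radiusd.conf</code> の内容は、以下のように
      編集してください。</p>

      <!-- The ampersand in the LDAP filter is written as an entity so the listing parses as valid HTML. -->
<pre class="PROGRAMLISTING">
[省略]
        # Uncomment this if you want to use ldap (Auth-Type = LDAP)
        # Also uncomment it in the authenticate{} block below
        #
        # NOTE(review): with login/password left commented out the module has
        # no bind identity of its own (presumably an anonymous bind; confirm
        # for your release), so the directory would have to expose
        # userPassword to unauthenticated reads. Prefer a dedicated read-only
        # bind DN restricted by LDAP ACLs, and keep radiusd.conf readable only
        # by the radiusd account once it holds that password.
        # NOTE(review): traffic to "server" is plain LDAP in this example;
        # section 3.2 mentions wrapping it with stunnel.
        ldap {
                server   = ldap.yourorg.com
                #login    = "cn=admin,o=My Org,c=US"
                #password = mypass
                basedn   = "ou=users,dc=yourorg,dc=com"
                filter   = "(&amp;(objectclass=posixAccount)(uid=%u))"
        }
[省略]
# Authentication types, Auth-Type = System and PAM for now.
authenticate {
        pam
        unix
#       sql
#       sql2
# Uncomment this if you want to use ldap (Auth-Type = LDAP)
        ldap
}
[省略]
</pre>

      <p>また、<code class="FILENAME">dictionary</code> ファイルも
      以下のように編集してください。</p>

<pre class="PROGRAMLISTING">
[省略]
#
#       Non-Protocol Integer Translations
#
# NOTE(review): Reject and ActivCard both map to 4 in this excerpt. Check the
# dictionary shipped with your release and give LDAP a value that no other
# Auth-Type uses, so a request can never resolve to the wrong method.
VALUE           Auth-Type               Local                   0
VALUE           Auth-Type               System                  1
VALUE           Auth-Type               SecurID                 2
VALUE           Auth-Type               Crypt-Local             3
VALUE           Auth-Type               Reject                  4
VALUE           Auth-Type               ActivCard               4
VALUE           Auth-Type               LDAP                    5
[省略]
</pre>

      <p>さらに <code class="FILENAME">users</code> ファイルの
      デフォルトの認証方式のエントリを次のようにしてください。</p>

<pre class="PROGRAMLISTING">
[省略]
DEFAULT Auth-Type = LDAP
        Fall-Through = 1
[省略]
</pre>

      <p>すでに LDAP サーバを Un*x のアカウント管理のために
      設定してあれば、これで十分です。</p>

      <p>LDAP サーバ上では、Radius サーバがあらゆる posixAccount の
      属性 (特に <code class="FILENAME">uid</code> と
      <code class="FILENAME">userpassword</code>)
      を確実に読むことができるようにしておいてください。</p>
    </section>

    <section class="SECT2">
      <h2 class="SECT2" id="AEN386">3.2. Radius 認証のテスト</h2>

      <p>サーバをテストするために、次のように
      <code class="FILENAME">radiusd</code>
      をデバッグモードで起動してください。</p>

<pre class="PROGRAMLISTING">
# NOTE(review): debug output can print request attributes, passwords included,
# so run this on a console for testing only and do not keep the output in
# shared logs.
/usr/local/sbin/radiusd -X -A
</pre>

      <p>それから次のような構文で
      <code class="FILENAME">radtest</code>
      を使います。</p>

<pre class="PROGRAMLISTING">
# NOTE(review): testing123 is the well-known secret from sample client
# entries; replace it before the server accepts requests from a real NAS.
# The password argument ends up in shell history, so test with a throwaway
# account.
radtest ユーザ名 "パスワード" radius.yourorg.com 1 testing123
</pre>

      <p>すべてうまくいけば、Access-Accept パケットを
      その Radius サーバから受信するはずです。</p>

      <p>クライアントモードで stunnel を使って、
      Radius サーバと LDAPS サーバ間の接続に SSL を提供することもできます。
      SSL の詳細については <a href="ssl.html">Section 10</a>
      を参照してください。</p>
    </section>

    <section class="SECT2">
      <h2 class="SECT2" id="AEN399">3.3. Cisco IOS の設定例</h2>

      <p>万全を期すために、ここに Cisco IOS の設定例を書いておきます。
      ただ、この例はこの HOWTO の目的とは外れていますので、
      あなたの要求には適合していないかもしれません。</p>

<pre class="PROGRAMLISTING">
[省略]
aaa new-model
aaa authentication login default radius enable
aaa authentication ppp default radius
aaa authorization network radius
[省略]
radius-server host 192.168.10.1
radius-server timeout 10
! NOTE(review): "cisco" is an example value only. The key protects the
! User-Password attribute between the NAS and the RADIUS server, so use a
! long random secret that matches the client entry on the server.
radius-server key cisco
[省略]
</pre>

      <!--
        NOTE(review): 1645 is the historical RADIUS authentication port; the
        IANA-assigned port is 1812 (RFC 2865). Confirm which port the NAS and
        radiusd each use and allow only that one through packet filters.
      -->
      <div class="NOTE">
        <blockquote class="NOTE">
          <p><b>Note: </b>ほとんどすべての NAS は Radius に 1645 番のポートを使用します。
          確認のうえ、適切にサーバを設定してください。</p>
        </blockquote>
      </div>
    </section>
  </main>

  <nav class="NAVFOOTER" aria-label="Bottom navigation">
    <hr>
    <ul>
      <li><a href="pamnss.html">Prev</a> pam_ldap と nss_ldap を使った LDAP 認証</li>
      <li><a href="index.html">Home</a></li>
      <li><a href="samba.html">Next</a> Samba</li>
    </ul>
  </nav>
</body>
</html>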