I wrote this while working for APCi. This is by no means comprehensive documentation. It's not meant to be. I wrote this so that I could remember what I did from day to day. DO NOT follow this to the letter. It will not work and it will leave your system open to attack. Use this documentation as a guide and possibly idea generator, nothing else. It's not my fault if you blow up your system.
19 (Somewhat) Easy Steps to RADIUS/LDAP Auth
- Get ldap packages
- Set BASE in /etc/openldap/ldap.conf
- Set rootdn, rootpw, and suffix in /etc/openldap/slapd.conf
- Try to connect; you should get "No such object", not "Invalid Credentials"
- Get MigrationTools: http://www.padl.com/OSS/MigrationTools.html
- Set DEFAULT_MAIL_DOMAIN and DEFAULT_MBASE in *.ph
- ./migrate_passwd.pl /etc/passwd passwd.ldif
- Create parents in ldif (dn: dc=booter and dn: ou=People,dc=booter; don't forget o:)
- ldapadd -f passwd.ldif -x -D "cn=Manager,dc=booter" -W
- Make sure that ou=People shows up along w/ subentries
- top, posixAccount, account, shadowAccount
- Make an account in the LDAP that isn't in /etc/passwd (uid# 501)
- touch /tmp/test && chown 501 /tmp/test && ls -l /tmp/test (look for uid, not uid#)
- /etc/pam_ldap.conf
- Make sure you can log in as a user in LDAP.
- Install FreeRadius (have fun getting rpm to cooperate)
- Hack and Slash /etc/radiusd, /etc/dictionary, /etc/users
- Make sure user has objectClass: radiusprofile and Attribute: dialupAccess
- radtest username "password" localhost 1 testing123
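
A pre-flight check for the LDIF steps above, as an added example that is not part of the original notes: it lints an LDIF for ou=People user entries missing the objectClasses or the dialupAccess attribute the steps rely on. The function names, the sample entries and the "yes" value are constructed for illustration.

```shell
# Added example (not from the original notes): lint an LDIF before ldapadd.
# Base64 ("attr:: ") values are not decoded; folded lines are unfolded first.
check_ldif() {
  awk '/^ / { buf = buf substr($0, 2); next }
       { if (NR > 1) print buf; buf = $0 }
       END { if (NR > 0) print buf }' "${1:--}" |
  awk '
    function flush(   i, n, need) {
      if (tolower(dn) ~ /,ou=people,/) {        # user entries only, not parents
        n = split("posixaccount shadowaccount radiusprofile", need, " ")
        for (i = 1; i <= n; i++)
          if (!(need[i] in oc)) { print dn ": missing objectClass " need[i]; rc = 1 }
        if (!dialup) { print dn ": missing dialupAccess"; rc = 1 }
      }
      dn = ""; dialup = 0; split("", oc)        # reset state for the next entry
    }
    /^$/ { flush(); next }                      # a blank line ends an entry
    /^#/ || !index($0, ":") { next }
    {
      p = index($0, ":")
      attr = tolower(substr($0, 1, p - 1)); val = substr($0, p + 1)
      sub(/^ +/, "", val)
      if (attr == "dn") dn = val
      else if (attr == "objectclass") oc[tolower(val)] = 1
      else if (attr == "dialupaccess") dialup = 1
    }
    END { flush(); exit rc + 0 }'
}
sample_ldif() {   # constructed sample; suffix dc=booter as in the steps above
  cat <<'EOF'
dn: ou=People,dc=booter
objectClass: organizationalUnit

dn: uid=alice,ou=People,dc=booter
objectClass: posixAccount
objectClass: shadowAccount
objectClass: radius
 profile
dialupAccess: yes
uidNumber: 501

dn: uid=bob,ou=People,dc=booter
objectClass: posixAccount
objectClass: shadowAccount
EOF
}
sample_ldif | check_ldif - || echo "fix the entries above before running ldapadd"
```

Run it as `check_ldif passwd.ldif` after adding the RADIUS attributes; it exits non-zero when any user entry is incomplete.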
References:
http://lists.cistron.nl/pipermail/freeradius-users/1999-September/001940.html
http://lists.cistron.nl/pipermail/freeradius-devel/2002-May/002586.html
http://www.openldap.org/lists/openldap-software/200105/msg00470.html
http://tldp.org/HOWTO/LDAP-Implementation-HOWTO/radius.html
http://www.metaconsultancy.com/whitepapers/ldap-linux.htm
http://www.openldap.org/doc/admin21/
http://tldp.org/HOWTO/LDAP-HOWTO/dbonline.html
Last updated: Sunday, 20-Sep-2009 16:55:49 CDT
Contact me at randall dot will at gmail dot com
