== FreeRadius + LDAP


apt-get install freeradius freeradius-ldap

vim /etc/freeradius/radiusd.conf
modules{
        ldap {
                server = "ldap1.com"
		basedn = "dc=ldap1,dc=com"
		basedn = "ou=People,dc=ldap1,dc=com"
		filter ="(&(objectclass=posixAccount)(uid=%{Stripped-User-Name:-%{User-Name}}))"
		#access_attr = "dialupAccess"
	}

	authorize {
	ldap   #coment out
	}
}
authenticate {
        Auth-Type LDAP {
                ldap
        }
}


以下書き換える。
vim /etc/freeradius/users
DEFAULT Auth-Type = LDAP      
        Fall-Through = 1

view /etc/freeradius/clients.conf
client 127.0.0.1/24 {
        secret          = testing123
        shortname       = localhost
}

/etc/init.d/freeradius restart
radtest sakai PASSWORD localhost 0 testing123


== TLS

TLSやTTLSの場合は、debianのapt-getではモジュールが入らないので、ソースからいれる。

apt-get install build-essential
apt-get install apt-src
apt-src update
mkdir ~/build_freeradius
cd ~/build_freeradius
apt-src install freeradius

vim ~/build_freeradius/freeradius-1.1.3/debian/rules
#buildssl=--without-rlm_eap_peap --without-rlm_eap_tls --without-rlm_eap_ttls --without-rlm_otp 
          --without-rlm_sql_postgresql --without-snmp
#modulelist=krb5 ldap sql_mysql sql_iodbc

buildssl=--with-rlm_sql_postgresql_lib_dir=`pg_config --libdir` 
         --with-rlm_sql_postgresql_include_dir=`pg_config --includedir`
modulelist=krb5 ldap sql_mysql sql_iodbc sql_postgresql


vim ~/build_freeradius/freeradius-1.1.3/debian/control

Source: freeradius
Build-Depends: debhelper (>= 5), libltdl3-dev, libpam0g-dev, libmysqlclient15-dev | libmysqlclient-dev, libgdbm-dev,
               libldap2-dev, libsasl2-dev, libiodbc2-dev, libkrb5-dev, snmp, autotools-dev, dpatch (>= 2),
               libperl-dev, libtool, dpkg-dev (>= 1.13.19), libssl-dev, libpq-dev
Build-Conflicts:

cd ~/build_freeradius/freeradius-1.1.3/debian
cat control.postgresql >> control

以下加える

vim ~/build_freeradius/freeradius-1.1.3/debian/changelog
freeradius (1.1.3-3tls) unstable; urgency=low

  * Add TLS.  Closes: #403389.

 -- Jun Sakai <jmisc@hotmail.com>  Sat, 16 Dec 2006 20:45:11 +0000


# cd ~/build_freeradius
# apt-src build freeradius

 dpkg -i freeradius_1.1.3-3tls_i386.deb　freeradius-ldap_1.1.3-3tls_i386.deb



秘密鍵の生成と、証明書発行要求の作成
  % openssl req -new -newkey rsa:2048 -keyout rad-privkey.pem -out rad-req.pem

証明書発行要求の処理
  # openssl ca -out rad-cert.pem -infiles rad-req.pem

秘密鍵のパスワードの解除
  # openssl rsa -in rad-privkey.pem -out rad-priv.pem

DSAパラメータファイルの作成
  # openssl dsaparam -out dh2048.pem 2048

CAの証明書 (OpenSSLでCAを設定した時に出来る)
WindowsXPに読み込ませる為に、DER形式の証明書を作成。
  % openssl x509 -in cacert.pem -out cacert.der -outform DER


vim /etc/freeradius/eap.conf
        eap {
                #default_eap_type = md5
                default_eap_type = peap

                tls {
                        private_key_password = 88390LPP
                        private_key_file = /usr/local/RADIUS/rad-priv.pem

                        #  If Private key & Certificate are located in
                        #  the same file, then private_key_file &
                        #  certificate_file must contain the same file
                        #  name.
                        certificate_file = /usr/local/RADIUS/rad-cert.pem

                        #  Trusted Root CA list
                        CA_file = /usr/local/CA/cacert.pem

                        dh_file = /usr/local/RADIUS/dh2048.pem
                        random_file = /dev/urandom

                peap {
                        default_eap_type = mschapv2
                }

                mschapv2 {
                }
	}