== FreeRadius + LDAP
apt-get install freeradius freeradius-ldap
vim /etc/freeradius/radiusd.conf
modules{
  ldap {
    server = "ldap1.com"
    basedn = "dc=ldap1,dc=com"
    basedn = "ou=People,dc=ldap1,dc=com"
    filter = "(&(objectclass=posixAccount)(uid=%{Stripped-User-Name:-%{User-Name}}))"
    #access_attr = "dialupAccess"
  }
  authorize {
    ldap #comment out
  }
}
authenticate {
  Auth-Type LDAP {
    ldap
  }
}
以下を書き換える。
vim /etc/freeradius/users
DEFAULT Auth-Type = LDAP
  Fall-Through = 1
view /etc/freeradius/clients.conf
client 127.0.0.1/24 {
  secret = testing123
  shortname = localhost
}
/etc/init.d/freeradius restart
radtest sakai PASSWORD localhost 0 testing123
== TLS
TLSやTTLSの場合は、debianのapt-getではモジュールが入らないので、ソースから入れる。
apt-get install build-essential
apt-get install apt-src
apt-src update
mkdir ~/build_freeradius
cd ~/build_freeradius
apt-src install freeradius
vim ~/build_freeradius/freeradius-1.1.3/debian/rules
#buildssl=--without-rlm_eap_peap --without-rlm_eap_tls --without-rlm_eap_ttls --without-rlm_otp --without-rlm_sql_postgresql --without-snmp
#modulelist=krb5 ldap sql_mysql sql_iodbc
buildssl=--with-rlm_sql_postgresql_lib_dir=`pg_config --libdir` --with-rlm_sql_postgresql_include_dir=`pg_config --includedir`
modulelist=krb5 ldap sql_mysql sql_iodbc sql_postgresql
vim ~/build_freeradius/freeradius-1.1.3/debian/control
Source: freeradius
Build-Depends: debhelper (>= 5), libltdl3-dev, libpam0g-dev, libmysqlclient15-dev | libmysqlclient-dev, libgdbm-dev, libldap2-dev, libsasl2-dev, libiodbc2-dev, libkrb5-dev, snmp, autotools-dev, dpatch (>= 2), libperl-dev, libtool, dpkg-dev (>= 1.13.19), libssl-dev, libpq-dev
Build-Conflicts:
cd ~/build_freeradius/freeradius-1.1.3/debian
cat control.postgresql >> control
以下を加える
vim ~/build_freeradius/freeradius-1.1.3/debian/changelog
freeradius (1.1.3-3tls) unstable; urgency=low

  * Add TLS. Closes: #403389.
 -- Jun Sakai  Sat, 16 Dec 2006 20:45:11 +0000
# cd ~/build_freeradius
# apt-src build freeradius
dpkg -i freeradius_1.1.3-3tls_i386.deb freeradius-ldap_1.1.3-3tls_i386.deb
秘密鍵の生成と、証明書発行要求の作成
% openssl req -new -newkey rsa:2048 -keyout rad-privkey.pem -out rad-req.pem
証明書発行要求の処理
# openssl ca -out rad-cert.pem -infiles rad-req.pem
秘密鍵のパスワードの解除
# openssl rsa -in rad-privkey.pem -out rad-priv.pem
DSAパラメータファイルの作成
# openssl dsaparam -out dh2048.pem 2048
CAの証明書 (OpenSSLでCAを設定した時に出来る)
WindowsXPに読み込ませる為に、DER形式の証明書を作成。
% openssl x509 -in cacert.pem -out cacert.der -outform DER
vim /etc/freeradius/eap.conf
eap {
  #default_eap_type = md5
  default_eap_type = peap
  tls {
    private_key_password = 88390LPP
    private_key_file = /usr/local/RADIUS/rad-priv.pem
    # If Private key & Certificate are located in
    # the same file, then private_key_file &
    # certificate_file must contain the same file
    # name.
    certificate_file = /usr/local/RADIUS/rad-cert.pem
    # Trusted Root CA list
    CA_file = /usr/local/CA/cacert.pem
    dh_file = /usr/local/RADIUS/dh2048.pem
    random_file = /dev/urandom
  peap {
    default_eap_type = mschapv2
  }
  mschapv2 {
  }
}
注: rad-priv.pem は上の openssl rsa でパスフレーズを外してあるので、eap.conf の private_key_password は本来不要になっているはず（残す場合はパスワードが設定ファイルに平文で残るため、eap.conf の読み取り権限を radiusd の実行ユーザだけに絞る）。また dh_file は DH パラメータを読み込む設定なので、dsaparam で作ったファイルが読めない場合は openssl dhparam -out dh2048.pem 2048 で作り直す。tls { を閉じる } が抜けているように見えるので、実際の eap.conf では要確認。