I am configuring a FreeRADIUS + OpenLDAP bundle on CentOS 7. The task at the moment: there is a MikroTik that should connect to the RADIUS server and act as a DHCP server; the IP addresses should come from LDAP. On the MikroTik I set up a connection to the RADIUS server and assigned the DHCP server role, and in the DHCP server I set the Use RADIUS flag. In conjunction with MySQL everything works; I set it up following this article. I connected it to LDAP in this file, /etc/raddb/mods-enabled/ldap:

    ldap {
        server = "ldap.local"
        port = 389
        identity = "uid=radius,ou=services,dc=server,dc=com"
        password = password
        base_dn = "dc=server,dc=com"

        user {
            base_dn = "${..base_dn}"
            filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
            access_attribute = "uid"
        }

        group {
            base_dn = "${..base_dn}"
            filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=posixGroup)(memberUid=%{Ldap-UserDn})))"
        }

        profile {
            filter = "(objectclass=radiusprofile)"
        }

        client {
            base_dn = "${..base_dn}"
            attribute {
                identifier = 'radiusClientIdentifier'
                secret = 'radiusClientSecret'
            }
        }

        accounting {
            reference = "%{tolower:type.%{Acct-Status-Type}}"
            type {
                start {
                    update {
                        description := "Online at %S"
                    }
                }
                interim-update {
                    update {
                        description := "Last seen at %S"
                    }
                }
                stop {
                    update {
                        description := "Offline at %S"
                    }
                }
            }
        }

        post-auth {
            update {
                description := "Authenticated at %S"
            }
        }
    }

I was able to connect the client with the test:

    radtest 00:18:DE:9D:45:98 Accept localhost 10 testing123
    Sending Access-Request Id 130 from 0.0.0.0:33563 to 127.0.0.1:1812
        User-Name = '00:18:DE:9D:45:98'
        User-Password = 'Accept'
        NAS-IP-Address = 10.0.1.154
        NAS-Port = 10
        Message-Authenticator = 0x00
    Received Access-Accept Id 130 from 127.0.0.1:1812 to 127.0.0.1:33563 length 20

The record for this client in LDAP:

    description: Authenticated at 2016-06-09 16:19:45
    objectclass: account
    objectclass: simpleSecurityObject
    objectclass: top
    objectclass: radiusprofile
    radiusframedipaddress: 192.168.88.27
    radiusnasipaddress: 10.13.0.70
    uid: 00:18:DE:9D:45:98
    userpassword: Accept

The problem is that I do not know how to create an LDAP entry for the NAS, or what attributes should be added to the LDAP entries for clients so that they start receiving an IP from the RADIUS server. I would be glad of your additions and guidance, and also of working configs.