
Re: [Freeipa-devel] [Fwd: [Fedora-directory-users] Integrating RADIUS schema in Fedora-ds]



Not sure if this is the best place to ask this but have been looking for some decent documentation on integrating RADIUS schema into Fedora-ds so I can authenticate against my directory. Tons of docs on doing the same with OpenLDAP, but slim to none with Fedora-ds (btw-- I do know about freeipa, but I'm not using it). I see my RADIUS schema object classes as radiusprofile and radiusobjectprofile; however, I cannot seem to figure out how to get these integrated into my directory properly to use it with RADIUS. If I look at my 'additional indexes' I only can add radiusprofile indexes such as radiusframedmtu. Would seem I am going to need to get radiusobjectprofile and its related indexes (uid, userPassword) in there if this is to work for authentication. Can anyone point me in the right direction with getting RADIUS schema properly integrated into my directory so I can point RADIUS at it and use it for user authentication??? I'm also a bit curious on the DESC field being blank for all the OIDs and whether they should go or be populated with info similar to the OID name. Appreciate any and all answers. Thank you...

I can send you the radius profile directory server schema we're using in IPA. But the larger question is why do you think you need the schema in the first place. You state all you want to do is authenticate against DS, which means all you are doing is a bind, and most likely only a simple bind with a plain text password. To accomplish that you'll need to enable ldap in the authenticate section of /etc/raddb/radiusd.conf. I believe you'll need to move ldap to be above any other plain text password authentication mechanisms in the authenticate section so the ldap module gets first crack, or disable the other mechanisms. In the modules section you'll also need to set your basic ldap parameters, e.g. server, filter, etc. The filter will need to be able to locate a user by performing a search. The user's dn is derived from the successful search result and that dn is then used to perform the bind with the password found in the request auth packet. None of this requires schema.

If however you want to manage profiles with radius attribute/value pairs then you'll need the schema, but that doesn't sound like what you're asking for.

In any event, let me know if you want the schema, I'll send it to you.

--
John Dennis <jdennis redhat com>
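
The setup described in the reply above, as an added example that is not part of the original message or of the IPA project's configuration: a radiusd.conf fragment in the FreeRADIUS 1.x layout. The host name, base DN and CA file path are placeholders, and the `authorize` entry and the TLS lines are additions of this example so that the simple bind does not carry the password to the directory in clear text.

```conf
# /etc/raddb/radiusd.conf (fragment, FreeRADIUS 1.x layout)
modules {
	ldap {
		# Placeholder host and base DN; substitute your Fedora DS values.
		server = "ds.example.com"
		basedn = "dc=example,dc=com"

		# Search that locates the user entry. The DN of the entry found
		# is then used for the bind with the password from the request.
		filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

		# Added in this example, not mentioned in the reply: a simple
		# bind sends the password as plain text, so wrap the LDAP
		# connection in StartTLS and verify the server certificate.
		start_tls = yes
		# Placeholder path to the CA that signed the DS certificate.
		tls_cacertfile = /etc/raddb/certs/ds-ca.pem
		tls_require_cert = "demand"
	}
}

authorize {
	# Added in this example: lets the ldap module run the search
	# and record the user's DN before authentication.
	ldap
}

authenticate {
	# Keep this ahead of any other plain text password mechanism,
	# or disable the others, so the ldap module gets first crack.
	Auth-Type LDAP {
		ldap
	}
}
```

No RADIUS schema is loaded for this to work; the only directory requirements are that the filter finds exactly one entry and that the entry can bind with its own password.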

