Get zimbra LDAP url and password
zmlocalconfig -s ldap_master_url zimbra_ldap_password
Edit /etc/freeradius/modules/ldap
ldap { ... server = "ldap_master_url" identity = "uid=zimbra,cn=admins,cn=zimbra" password = "zimbra_ldap_password" basedn = "ou=people,dc=yourHost,dc=yourDomain" filter = "(mail=%{mschap:User-Name:-%{User-Name}}@*)" base_filter = "(objectClass=organizationalPerson)" ... }
Edit /etc/freeradius/sites-available/default
authorize { ... ldap ... } authenticate { ... Auth-Type LDAP { ldap } ... }
Edit /etc/freeradius/modules/mschap
mschap { ... use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = yes ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}" ... }
Edit /etc/freeradius/eap.conf
eap { ... default_eap_type = ttls ... gtc { ... auth_type = PAP ... } ttls { ... default_eap_type = gtc ... } peap { ... default_eap_type = gtc ... } ... }
Edit /etc/freeradius/clients.conf
... #client IPv4/CIDR4 { # secret = "[email protected]" # shortname = ipv4-clients #} #client IPv6/CIDR6 { # secret = "[email protected]" # shortname = ipv6-clients #} client 0.0.0.0/0 { secret = "[email protected]" shortname = ipv4-clients } client ::/0 { secret = "[email protected]" shortname = ipv6-clients }
Restart freeradius service
systemctl restart radiusd
Latest posts by Kawin Viriyaprasopsook (see all)
- Convert flac audio to opus/ogg/mp3 - 2020-12-20
- Fix systemd resolved not working (127.0.0.53) - 2019-09-23
- Safely remove SATA disk from a running Linux system - 2019-05-24