Get zimbra LDAP url and password
zmlocalconfig -s ldap_master_url zimbra_ldap_password
Edit /etc/freeradius/modules/ldap
ldap {
...
server = "ldap_master_url"
identity = "uid=zimbra,cn=admins,cn=zimbra"
password = "zimbra_ldap_password"
basedn = "ou=people,dc=yourHost,dc=yourDomain"
filter = "(mail=%{mschap:User-Name:-%{User-Name}}@*)"
base_filter = "(objectClass=organizationalPerson)"
...
}
Edit /etc/freeradius/sites-available/default
authorize {
...
ldap
...
}
authenticate {
...
Auth-Type LDAP {
ldap
}
...
}
Edit /etc/freeradius/modules/mschap
mschap {
...
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
...
}
Edit /etc/freeradius/eap.conf
eap {
...
default_eap_type = ttls
...
gtc {
...
auth_type = PAP
...
}
ttls {
...
default_eap_type = gtc
...
}
peap {
...
default_eap_type = gtc
...
}
...
}
Edit /etc/freeradius/clients.conf
...
#client IPv4/CIDR4 {
# secret = "[email protected]"
# shortname = ipv4-clients
#}
#client IPv6/CIDR6 {
# secret = "[email protected]"
# shortname = ipv6-clients
#}
client 0.0.0.0/0 {
secret = "[email protected]"
shortname = ipv4-clients
}
client ::/0 {
secret = "[email protected]"
shortname = ipv6-clients
}
Restart freeradius service
systemctl restart radiusd
Kawin Viriyaprasopsook
System administrator at Zercle Technology Co., Ltd.
System admin กากๆ
รักในการเล่นเกม
ชอบดู Anime ญี่ปุ่น
รักในการเล่นเกม
ชอบดู Anime ญี่ปุ่น
Latest posts by Kawin Viriyaprasopsook (see all)
- Safely remove SATA disk from a running Linux system - 2019-05-24
- Update CentOS kernel for deploy Google BBR - 2019-05-10
- Kernel tuning for linux server - 2019-03-28