Freeradius with Zimbra LDAP

Get zimbra LDAP url and password

zmlocalconfig -s ldap_master_url zimbra_ldap_password

Edit /etc/freeradius/modules/ldap

ldap {
...
        server = "ldap_master_url"
        identity = "uid=zimbra,cn=admins,cn=zimbra"
        password = "zimbra_ldap_password"
        basedn = "ou=people,dc=yourHost,dc=yourDomain"
        filter = "(mail=%{mschap:User-Name:-%{User-Name}}@*)"
        base_filter = "(objectClass=organizationalPerson)"
...
}

Edit /etc/freeradius/sites-available/default

authorize {
...
        ldap
...
}

authenticate {
...
        Auth-Type LDAP {
                ldap
        }
...
}

Edit /etc/freeradius/modules/mschap

mschap {
...
        use_mppe = yes
        require_encryption = yes
        require_strong = yes
        with_ntdomain_hack = yes
        ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
...
}

Edit /etc/freeradius/eap.conf

eap {
...
    default_eap_type = ttls
    ...
    gtc {
    ...
        auth_type = PAP
    ...
    }
    ttls {
    ...
        default_eap_type = gtc
    ...
    }
    peap {
    ...
        default_eap_type = gtc
    ...
    }
...
}

Edit /etc/freeradius/clients.conf

...
#client IPv4/CIDR4 {
#        secret = "[email protected]"
#        shortname = ipv4-clients
#}
#client IPv6/CIDR6 {
#       secret = "[email protected]"
#       shortname = ipv6-clients
#}
client 0.0.0.0/0 {
        secret = "[email protected]"
        shortname = ipv4-clients
}
client ::/0 {
       secret = "[email protected]"
       shortname = ipv6-clients
}

Restart freeradius service

systemctl restart radiusd