怎么判断radius连上了openldap

发布网友 发布时间:2022-04-22 15:53

我来回答

1个回答

热心网友 时间:2023-06-22 23:47

openldap快速安装步骤
依赖环境:openSSL-0.9.8e;cyrus-sasl-2.1.22;BerkeleyDB4.6.21;openLDAP-2.4.13
1、tar -xvf openldap-VERSION.tgz
2、cd openldap-VERSION
3、./configure
4、make depend
5、make
6、make test
7、make install
----------------------------------------------------------------
freeradius安装
./configure
make && make install 即可.
**** 最好现正openldap,然后再装freeradius ****
--------------------------------------------------------------------
radius配置
1、添加参数名映射:
#vim ldap.attrmap
checkItem User-Password userPassword
2、配置radius的ldap连接属性
#vim moles/ldap
ldap {
server = "127.0.0.1"
identity = "cn=Manager,dc=feixia,dc=com"
password = talent
basedn = "dc=feixia,dc=com"
filter = "(cn=%{%{Stripped-User-Name}:-%{User-Name}})"
}

3、开启认证模式:
#vim sites-enabled/default
authenticate {

ldap #去掉注释

Auth-Type LDAP {
ldap
}

}

4、服务管理
启动服务 /usr/local/sbin/radiusd
调试服务 /usr/local/sbin/radiusd -X
配置文件默认路径 /usr/local/etc/raddb
测试服务是否正常 radtest admin password localhost 0 testing123
无法启动时:ldconfig

----------------------------------------------------------------
LDAP配置
1、加载schema
#vim /usr/local/etc/openldap/slapd.conf
#加入以下配置参数
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/collective.schema
include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/aconf.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/java.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/dyngroup.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/ppolicy.schema
#设置ldap根目录和密码
suffix "dc=feixia,dc=com"
rootdn "cn=Manager,dc=feixia,dc=com"
rootpw talent
2、拷贝配置文件,在启动ldap
将radius安装包中的 doc/examples/下的样例文件拷贝到LDAP配置文件目录下 schema/
#iplanet.ldif iplanet.schema openldap.schema postgresql_update_radacct_group_trigger.sql
3、开启调试ldap
#/usr/local/libexec/slapd -d 1
4、添加ldap节点
创建文件user.ldif,内如如下:
version: 1
dn: dc=feixia,dc=com
objectClass: dcObject
objectClass: organization
dc:: dG9wc2VjIA==
o: test
dn: cn=Manager,dc=feixia,dc=com
objectClass: organizationalRole
cn: Manager
dn: cn=test,cn=Manager,dc=feixia,dc=com
objectClass: radiusprofile
objectClass: person
cn: test
sn: test
radiusTunnelMediumType: IEEE-802
radiusTunnelPrivateGroupId: 3
radiusTunnelType: VLAN
radiusUserCategory: 1
telephoneNumber: 87653321
userPassword:: dGVzdA==
导入节点
#ldapadd -D cn=Manager,dc=feixia,dc=com -w talent -f user.ldif
5、LDAP服务
默认配置文件 /usr/local/etc/openldap/
启动个服务 /usr/local/libexec/slapd
测试服务是否正常 ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
----------------------------------------------------------------
----------- 依赖包安装 ---------------
----------------------------------------------------------------
BerkeleyDB安装
# tar xvfz db-4.6.21.tar.gz
# cd db-4.6.21/build_unix/
# ../dist/configure -prefix=/usr/local/BerkeleyDB
再make && make install即可.
指明库路径 或者把/usr/loca/BerkeleyDB/include/* 拷贝到/usr/include下,lib同样
export CPPFLAGS="-I/usr/local/BerkeleyDB/include"
export LDFLAGS="-L/usr/local/BerkeleyDB/lib"
--------------------------------------------------------------------------
思科交换机开启radius认证
#删除使用 no radius-server host 192.168.71.158 auth-port 1812 key testing123
#查看使用 show running-config
#查看所有开放认证端口 show dot1x all
#完成配置退出 end
dot1x system-auth-control
radius-server host 192.168.71.158 auth-port 1812 key testing123
radius-server retransmit 3
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
#设置认证端口
interface FastEthernet0/14
switchport mode access
dot1x port-control auto
no ip address
spanning-tree portfast #这句会自动加上,如果没有则手动添加
#成功设置后的端口状态
interface FastEthernet0/6
switchport mode access
dot1x port-control auto
spanning-tree portfast

#保存配置重启后不丢失
do wr 或者是 do copy running-config startup-config
cisco 2950开启spam端口镜像命令
配置被镜像端口:
  Switch(config)# monitor session 1 source interface fastethernet 0/1-23
配置镜像端口:
  Switch(config)# monitor session 1 destination interface fastethernet 0/24

声明声明:本网页内容为用户发布,旨在传播知识,不代表本网认同其观点,若有侵权等问题请及时与本网联系,我们将在第一时间删除处理。E-MAIL:11247931@qq.com