Diffstat (limited to 'files/usr/local/etc/raddb/mods-available/ldap.radius_server')
-rw-r--r-- | files/usr/local/etc/raddb/mods-available/ldap.radius_server | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/files/usr/local/etc/raddb/mods-available/ldap.radius_server b/files/usr/local/etc/raddb/mods-available/ldap.radius_server
new file mode 100644
index 0000000..09442f0
--- /dev/null
+++ b/files/usr/local/etc/raddb/mods-available/ldap.radius_server
@@ -0,0 +1,107 @@
+ldap {
+ $(printf " server = '%s'\n" ${ldap_hosts})
+
+ base_dn = '${users_basedn}'
+
+ sasl {
+ mech = 'GSSAPI'
+ realm = '${realm}'
+ }
+
+ update {
+ control:Password-With-Header += 'userPassword'
+ control: += 'radiusControlAttribute'
+ request: += 'radiusRequestAttribute'
+ reply: += 'radiusReplyAttribute'
+ }
+
+ user_dn = "LDAP-UserDn"
+
+ user {
+ base_dn = "\${..base_dn}"
+ filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
+ }
+
+ group {
+ base_dn = '${groups_basedn}'
+ filter = '(objectClass=groupOfMembers)'
+ name_attribute = cn
+ membership_filter = "(member=%{control:\${..user_dn}})"
+ membership_attribute = 'memberOf'
+ cacheable_name = 'yes'
+ cacheable_dn = 'yes'
+ allow_dangling_group_ref = 'yes'
+ }
+
+ profile { }
+
+ client {
+ base_dn = "\${..base_dn}"
+ filter = '(objectClass=radiusClient)'
+
+ template { }
+
+ attribute {
+ ipaddr = 'radiusClientIdentifier'
+ secret = 'radiusClientSecret'
+ }
+ }
+
+ read_clients = no
+
+ accounting {
+ reference = "%{tolower:type.%{Acct-Status-Type}}"
+
+ type {
+ start {
+ update {
+ description := "Online at %S"
+ }
+ }
+
+ interim-update {
+ update {
+ description := "Last seen at %S"
+ }
+ }
+
+ stop {
+ update {
+ description := "Offline at %S"
+ }
+ }
+ }
+ }
+
+ post-auth {
+ update {
+ description := "Authenticated at %S"
+ }
+ }
+
+ options {
+ chase_referrals = yes
+ rebind = yes
+ res_timeout = 10
+ srv_timelimit = 3
+ net_timeout = 1
+ idle = 60
+ probes = 3
+ interval = 3
+ ldap_debug = 0x0000
+ }
+
+ tls { }
+
+ pool {
+ start = \${thread[pool].start_servers}
+ min = \${thread[pool].min_spare_servers}
+ max = \${thread[pool].max_servers}
+
+ spare = \${thread[pool].max_spare_servers}
+ uses = 0
+ retry_delay = 30
+ lifetime = 0
+ idle_timeout = 60
+ }
+} |
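Review bot: The `tls { }` block is left empty while the `update` section maps `userPassword` into `control:Password-With-Header`, so password material is read over a directory connection whose protection is not pinned anywhere in this file. The GSSAPI bind in `sasl { }` may negotiate a confidentiality layer, but nothing visible here requires one, and whether `${ldap_hosts}` expands to `ldaps://` URIs cannot be seen from the hunk. I would fill the block explicitly, for example `start_tls = yes`, `ca_file = '<path to CA bundle>'` and `require_cert = 'demand'` (or use `ldaps://` hosts in place of `start_tls`), so that an unencrypted or unverified server connection fails closed. Separately, `chase_referrals = yes` together with `rebind = yes` in `options` lets the module follow referrals to servers that are not listed under `server`; if no referrals are expected, setting both to `no` narrows what the module will trust, and otherwise a comment naming the expected referral targets would help the next reader.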