To enable the ldap module, uncomment it in the authorize section of the /etc/raddb/radiusd.conf file. To disable it, comment it out. In addition, if all RADIUS users are not present in the local system (/etc/passwd file), comment out the files module as follows:
authorize {
    ...
    # files
    ...
    #
    # The ldap module will set Auth-Type to LDAP if it has not
    # already been set.
    ldap
    ...
}
For information on setting up LDAP with FreeRADIUS, refer to the /usr/share/doc/packages/freeradius/ldap_howto.txt and /usr/share/doc/packages/freeradius/rlm_ldap files.
Uncomment the following in the authenticate section of the /etc/raddb/radiusd.conf file:
    Auth-Type LDAP {
        ldap
    }
Add ldap to the post-auth section of the /etc/raddb/radiusd.conf file, and to its Post-Auth-Type REJECT sub-section, as shown below:
post-auth {
    # Get an address from the IP Pool.
    ldap
    # main_pool
    #
    # If you want to have a log of authentication replies,
    # un-comment the following line, and the 'detail reply_log'
    # section, above.
    # reply_log
    #
    # After authenticating the user, do another SQL query.
    #
    # See "Authentication Logging Queries" in sql.conf
    # sql
    #
    # Access-Reject packets are sent through the REJECT sub-section
    # of the post-auth section.
    #
    Post-Auth-Type REJECT {
        ldap
    }
}
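The following check is an added example, not part of the FreeRADIUS or product documentation: it parses radiusd.conf-style text and reports which of the four sections described above still lack an uncommented ldap entry, and whether files is still enabled in authorize. The function names and the sample configuration are constructed for illustration.

```python
# The four places this page says ldap must be active (uncommented).
REQUIRED = [("authorize",), ("authenticate", "Auth-Type LDAP"),
            ("post-auth",), ("post-auth", "Post-Auth-Type REJECT")]

def active_modules(conf_text):
    """Map each section path to the set of uncommented entries inside it."""
    found, stack, pending = {}, [], None
    def flush():
        # A bare word not followed by "{" was a module reference: record it.
        nonlocal pending
        if pending is not None:
            found.setdefault(tuple(stack), set()).add(pending)
        pending = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # commented-out text does not count
        if not line:
            continue
        if line == "{" and pending is not None:   # tolerate a brace on its own line
            stack.append(pending)
            pending = None
        elif line.endswith("{"):                  # "name {" opens a section
            flush()
            stack.append(line[:-1].strip())
        elif line == "}":
            flush()
            if stack:
                stack.pop()
        else:                                     # module name, or a section name
            flush()                               # whose brace is on the next line
            pending = line
    flush()
    return found

def missing_ldap(conf_text):
    """Required sections where ldap is absent or commented out."""
    mods = active_modules(conf_text)
    return [" / ".join(p) for p in REQUIRED if "ldap" not in mods.get(p, set())]

def files_still_active(conf_text):
    """True if the files module is still enabled in authorize."""
    return "files" in active_modules(conf_text).get(("authorize",), set())

# Constructed sample: ldap left commented out under Post-Auth-Type REJECT,
# and files still enabled in authorize.
SAMPLE = "\n".join([
    "authorize {", "  files", "  ldap", "}",
    "authenticate {", "  Auth-Type LDAP {", "    ldap", "  }", "}",
    "post-auth {", "  ldap", "  Post-Auth-Type REJECT", "  {", "    # ldap", "  }", "}",
])
```

To check a live server, pass the contents of /etc/raddb/radiusd.conf to missing_ldap(); the parser does not follow $INCLUDE directives, so included files must be checked separately.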