Owner's Manual
Chapter 17. Security | 493
NETGEAR 8800 User Manual
Note: RADIUS server software can be obtained from several sources.
This solution uses the FreeRADIUS software available on the
following URLs: http://www.freeradius.org and www.redhat.com.
Another free tool, NTRadPing, can be used to test authentication
and authorization requests from Windows clients. NTRadPing
displays detailed responses such as attribute values sent back from
the RADIUS server.
Configuring the FreeRADIUS Server
Configuring the RADIUS server involves configuring the RADIUS server and the RADIUS
client (for authentication and authorization).
FreeRADIUS configuration files are usually stored in the /etc/raddb folder. The following
example demonstrates how to configure the FreeRADIUS server for authentication and
LDAP support:
1. Modify the radiusd.conf file global settings:
log_auth = yes (log authentication requests to the log file)
log_auth_badpass = no (don't log passwords if request rejected)
log_auth_goodpass = no (don't log passwords if request accepted)
2. Modify LDAP Settings:
modules {
ldap {
server = "ldaptest.netgearnetworks.com"
basedn = "o=ldaptestdemo,dc=netgear,dc=com"
filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
base_filter = "(objectclass=radiusprofile)"
start_tls = no
dictionary_mapping = ${raddbdir}/ldap.attrmap
authtype = ldap
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
}
}
3. Uncomment LDAP from the authorize section:
authorize {
preprocess
chap
mschap
suffix
ldap
eap
files
}
4. Uncomment LDAP from the authenticate section:
authenticate {