Owner's Manual

Chapter 17. Security
NETGEAR 8800 User Manual
Auth-Type PAP {
    pap
}
Auth-Type CHAP {
    chap
}
Auth-Type MS-CHAP {
    mschap
}
unix
ldap
eap
A NETGEAR edge switch serves as a network access server (NAS) for workstations and as a
RADIUS client for the RADIUS server. RADIUS clients are configured in
/etc/raddb/clients.conf. There are two ways to configure RADIUS clients: group the
NAS devices by IP subnet, or list each NAS by host name or IP address.
To configure the RADIUS client using the second method, add an entry such as the following:
client 192.168.1.1 {
    secret = netgear1
    shortname = ldap-demo
}
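Added example (not part of the NETGEAR manual): a small audit of clients.conf entries that
flags shared secrets that are short or copied from documentation, and subnet-grouped
entries where one secret covers many NAS addresses. The 10.0.0.0/8 entry, the length and
subnet-size thresholds, and all function names are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: the manual's host entry plus a subnet-grouped entry.
SAMPLE_CLIENTS_CONF = """
client 192.168.1.1 {
    secret = netgear1
    shortname = ldap-demo
}
client 10.0.0.0/8 {
    secret = x9$Lq2!vT7mKp4@Zr8wB
    shortname = campus-edge
}
"""

# Assumed policy values for this example, not NETGEAR or FreeRADIUS defaults.
MIN_SECRET_LEN = 16
MAX_HOSTS = 256
KNOWN_EXAMPLE_SECRETS = {"netgear1", "testing123"}  # secrets printed in documentation

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
SETTING_RE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*(?:#.*)?$", re.M)

def parse_clients(text):
    """Return {client_name: {setting: value}} for each client block."""
    return {name: dict(SETTING_RE.findall(body)) for name, body in CLIENT_RE.findall(text)}

def audit_clients(text):
    """Return a sorted list of (client, finding) tuples."""
    findings = []
    for name, cfg in parse_clients(text).items():
        secret = cfg.get("secret", "").strip('"')
        if secret.lower() in KNOWN_EXAMPLE_SECRETS:
            findings.append((name, "secret is a published example value"))
        if len(secret) < MIN_SECRET_LEN:
            findings.append((name, f"secret shorter than {MIN_SECRET_LEN} characters"))
        try:
            net = ipaddress.ip_network(name, strict=False)
        except ValueError:
            continue  # host name entry, so there is no subnet scope to check
        if net.num_addresses > MAX_HOSTS:
            findings.append((name, f"one secret shared by {net.num_addresses} addresses"))
    return sorted(findings)

if __name__ == "__main__":
    for client, finding in audit_clients(SAMPLE_CLIENTS_CONF):
        print(f"{client}: {finding}")
```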
Configuring the RADIUS-to-LDAP Attribute Mappings
Attributes are configured in /etc/freeradius/ldap.attrmap. This file maps RADIUS attributes
to LDAP attributes. Samba stores NT/LM password hashes, so the default mappings for
LM-Password and NT-Password must be changed.
To configure attribute mappings, use the following entries:
checkItem User-Password userPassword
checkItem LM-Password sambaLMPassword
checkItem NT-Password sambaNTPassword
replyItem Tunnel-Type radiusTunnelType
replyItem Tunnel-Medium-Type radiusTunnelMediumType
replyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId
Configuring Additional Attribute Mappings
Additional attributes are configured in /etc/freeradius/ldap.attrmap:
## Attributes for NETGEAR Vendor-Specific RADIUS
replyItem Netgear-Security-Profile radiusNetgearSecurityProfile
replyItem Netgear-Netlogin-Vlan-Tag radiusNetgearNetloginVlanTag
replyItem Netgear-Netlogin-Extended-Vlan radiusNetgearNetloginExtendedVlan
Modifying the RADIUS Schema
Additional attributes for RADIUS must be configured to extend the RADIUS-LDAP-V3.schema
under the /etc/openldap directory.
Use the following commands to modify the RADIUS schema: