In this short tutorial, I will show you how to configure a Tripplite KVM for use with a FreeRADIUS server connected to LDAP. In this tutorial I am using the B022-U08 model KVM.

First, set up your FreeRADIUS server and get it connected to LDAP / LDAPS. I won’t cover that here, but there are several guides out there on how to do that. THIS is a great guide; however, if you use it, be sure to stop after completing “Step 1” of the section titled “Testing FreeRADIUS for LDAP Authentication and Authorization”, as this tutorial sets up groups slightly differently.

Now that you have a FreeRADIUS server connected to LDAP we can start to configure group-based authentication for the Tripplite KVM.

First, open /etc/freeradius/3.0/mods-enabled/ldap and find the group { } section. Make sure this line is uncommented:

membership_attribute = 'memberOf'

Now we need to edit the /usr/share/freeradius/dictionary.tripplite file in order to add a custom attribute that the KVM is expecting.

Add the line “ATTRIBUTE TrippLite-User 0 string” as follows. We will use this attribute in our sites-enabled file.

Now open /etc/freeradius/3.0/sites-enabled/default and add the lines as follows, replacing “My Admin Group” and “My User Group” with your own LDAP / Active Directory group names. If you only have one group, delete the second (My User Group) branch.

NOTE: The TrippLite-User value must be an existing user on the KVM, as this line tells the KVM to sign the person in with the privileges of that user.

post-auth {
        # Members of the admin group sign in as the KVM's administrator user
        if (LDAP-Group == "My Admin Group") {
                update reply {
                        Reply-Message = "Welcome, %{User-Name}!", #Optional
                        TrippLite-User = "su/administrator"
                }
        }
        # unlang spells this keyword "elsif"
        elsif (LDAP-Group == "My User Group") {
                update reply {
                        Reply-Message = "Welcome, %{User-Name}!",
                        TrippLite-User = "su/viewonly"
                }
        }
        # Anyone outside both groups is rejected
        else {
                reject
        }
}

Now the configuration on FreeRADIUS is done. Make sure you have added the FreeRADIUS IP and port (1812) to the KVM’s settings, and that you have configured the IP and secret for the KVM in: /etc/freeradius/clients.conf

If all is well you should be able to log in to the KVM with your LDAP credentials.
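To confirm the group mapping from the FreeRADIUS host before relying on the KVM login, this added example (not part of the original tutorial) classifies radtest output by the TrippLite-User value in the reply. The sample transcripts are constructed, and the function name kvm_role, the user alice and the loopback address are assumptions.

```shell
#!/bin/sh
# Added example: classify radtest output for the KVM group mapping.
# Live use (password and secret are placeholders):
#   radtest alice 'PASSWORD' 127.0.0.1 0 'SHARED_SECRET' | kvm_role

# Reads a radtest transcript on stdin and prints one of:
#   admin | viewonly | unmapped | rejected | no-reply
kvm_role() {
    awk '
        /^Received Access-Accept/ { accept = 1 }
        /^Received Access-Reject/ { reject = 1 }
        /TrippLite-User[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*"?/, "", v)   # drop name, "=" and opening quote
            sub(/"?[ \t]*$/, "", v)         # drop closing quote
            user = v
        }
        END {
            if (reject)                          print "rejected"
            else if (!accept)                    print "no-reply"
            else if (user == "su/administrator") print "admin"
            else if (user == "su/viewonly")      print "viewonly"
            else                                 print "unmapped"
        }'
}

# Constructed transcripts (not captured from a real server).
SAMPLE_ADMIN='Received Access-Accept Id 41 from 127.0.0.1:1812 to 127.0.0.1:50321 length 68
    Reply-Message = "Welcome, alice!"
    TrippLite-User = "su/administrator"'
SAMPLE_VIEW='Received Access-Accept Id 42 from 127.0.0.1:1812 to 127.0.0.1:50322 length 60
    Reply-Message = "Welcome, bob!"
    TrippLite-User = "su/viewonly"'
# Accept without the attribute: dictionary or post-auth block not in effect.
SAMPLE_NOATTR='Received Access-Accept Id 43 from 127.0.0.1:1812 to 127.0.0.1:50323 length 20'
SAMPLE_REJECT='Received Access-Reject Id 44 from 127.0.0.1:1812 to 127.0.0.1:50324 length 20'

for s in "$SAMPLE_ADMIN" "$SAMPLE_VIEW" "$SAMPLE_NOATTR" "$SAMPLE_REJECT"; do
    printf '%s\n' "$s" | kvm_role
done
```

An "unmapped" result means the user authenticated but the reply carried no usable TrippLite-User, so check the dictionary entry and the post-auth block before testing on the KVM itself.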
