rbucchi / pwm

Automatically exported from code.google.com/p/pwm

PWM for Radius / LDAP on Synology Disk Stations #599

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hello

I am new to LDAP directories. I would like to set up PWM for self-registering users
to use a wireless LAN. I have a Synology Disk Station which supports a built-in
LDAP server (OpenLDAP, I think) and a RADIUS server (FreeRADIUS).

Now my issue is to use PWM on the LAN for employees to register for WLAN access. My
LDAP is running and I have external access to it through phpLDAPadmin, and to FreeRADIUS
as well. I also have a connection from PWM. But as Synology seems to manage users
by posixAccount, and these require gidNumber and uidNumber, I stumbled around
for hours but I am not able to use the "new user registration" module.
Only errors occur for missing fields...

Now I would like to ask you whether you are interested in writing a configuration file to
import into PWM for the Synology LDAP server. That way many users will easily be able to use
your software for the same issue as me and secure their wireless in a few
minutes.

I attached the LDIF of the LDAP DN created by phpLDAPadmin.
There are two "groups", blocked_user and wlan_user, which I created on my
Synology DSM, because every newly registered user has to be in "blocked_user" until
an admin moves it to "wlan_user". This is caused by Synology's LDAP, which adds
every new user automatically to "users". You are not able to deselect it.
And because of the FreeRADIUS app on DSM it is only possible to block specified
user groups. In fact it would be nonsense to block "users" because every user
is in this group.
So we have to add it to blocked_user, which is a blocked group on FreeRADIUS.
After being moved to wlan_user, access will be granted by FreeRADIUS.

OK, that was complicated and not the best written English as well. I hope you
understand my issue and I'm looking forward to your reply.

Original issue reported on code.google.com by holthaus...@googlemail.com on 6 Aug 2014 at 6:49

Attachments:

GoogleCodeExporter commented 9 years ago
I would also be interested in getting PWM working on a Synology NAS.
It might be a convoluted setup, since I think the Synology NAS "Directory
Server" is not quite standard OpenLDAP, but rather a slightly proprietary
Synology variant of it.
I might have misunderstood the Synology Directory Server though; this is just
my interpretation.

Original comment by TheUtmos...@gmail.com on 15 Aug 2014 at 2:21

GoogleCodeExporter commented 9 years ago
In fact it seems to be a Syno mod of OpenLDAP; it is named "synoldap"
in /usr/local/ on the Disk Station, but it behaves like OpenLDAP. I managed to
add a user to synoldap by PWM running on an external machine. BUT the problem is
that Synology authenticates the users by the sambaSID account and sambaNTpassword.
I got the new user shown in the Directory Server app on my DS, but RADIUS is not
able to authenticate the user correctly, because there is no sambaSID for this
user that the Disk Station knows correctly.
So the real issue for a template that might be written for PWM is to ask the
Disk Station for the next sambaSID and next uidNumber attribute and to hash the
sambaNTpassword attribute. I'm not sure, but I guess we will have to add
sambaAccount somewhere else in the Disk Station database as well.
So far. Any ideas to fix this issue?

Original comment by holthaus...@googlemail.com on 15 Aug 2014 at 5:41
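As an added illustration of what the thread says a Synology template would need (this is my own example, not code from the original issue, from PWM, or from Synology), the block below allocates the next uidNumber and the next sambaSID from the existing entries, computes the sambaNTPassword value (the NT hash is MD4 over the UTF-16LE encoding of the password, implemented here in pure Python because hashlib's "md4" is often unavailable under OpenSSL 3), and emits the LDIF for a posixAccount/sambaSamAccount user plus the modify record that drops the new user into the blocked_user group described in the first post. The sample directory, the base DNs, the home-directory path and the "next RID = highest existing RID + 1" rule are assumptions; the page does not document how DSM allocates RIDs.

```python
import struct

MASK32 = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def _md4_block(state, block):
    """One 64-byte MD4 compression step (RFC 1320)."""
    X = list(struct.unpack("<16I", block))
    a, b, c, d = state
    # Round 1: F(x, y, z) = (x AND y) OR (NOT x AND z), words in order
    for i in range(16):
        f = (b & c) | (~b & d)
        a = _rotl((a + f + X[i]) & MASK32, (3, 7, 11, 19)[i % 4])
        a, b, c, d = d, a, b, c
    # Round 2: G = majority function, words taken column-wise
    for i in range(16):
        g = (b & c) | (b & d) | (c & d)
        k = (i % 4) * 4 + i // 4
        a = _rotl((a + g + X[k] + 0x5A827999) & MASK32, (3, 5, 9, 13)[i % 4])
        a, b, c, d = d, a, b, c
    # Round 3: H = x XOR y XOR z, bit-reversed word order
    order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for i in range(16):
        h = b ^ c ^ d
        a = _rotl((a + h + X[order[i]] + 0x6ED9EBA1) & MASK32, (3, 9, 11, 15)[i % 4])
        a, b, c, d = d, a, b, c
    return [(s + v) & MASK32 for s, v in zip(state, (a, b, c, d))]


def md4(data: bytes) -> bytes:
    bit_len = len(data) * 8
    # Pad: 0x80, zeros to 56 mod 64, then the 64-bit little-endian bit length
    data += b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", bit_len)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(data), 64):
        state = _md4_block(state, data[off:off + 64])
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """sambaNTPassword value: MD4 of the UTF-16LE password, upper-case hex."""
    return md4(password.encode("utf-16-le")).hex().upper()


# Constructed sample of existing DiskStation users; NOT the attached LDIF.
SAMPLE_DIRECTORY = [
    {"uid": "alice", "uidNumber": 1000001, "sambaSID": "S-1-5-21-111-222-333-3001"},
    {"uid": "bob", "uidNumber": 1000002, "sambaSID": "S-1-5-21-111-222-333-3003"},
]


def next_uid_and_sid(entries):
    """Next uidNumber and sambaSID. Assumption: RID = highest existing RID + 1
    under the domain SID shared by the existing entries (DSM's rule is unknown)."""
    next_uid = max(e["uidNumber"] for e in entries) + 1
    domain_sid = entries[0]["sambaSID"].rsplit("-", 1)[0]
    rids = [int(e["sambaSID"].rsplit("-", 1)[1])
            for e in entries if e["sambaSID"].startswith(domain_sid + "-")]
    return next_uid, f"{domain_sid}-{max(rids) + 1}"


def build_user_ldif(entries, uid, cn, password,
                    base_dn="cn=users,dc=example,dc=com",   # assumed
                    gid_number=1000000,                      # assumed "users" gid
                    home_base="/var/services/homes"):        # assumed DSM home path
    """LDIF add record carrying every attribute the thread says is required."""
    uid_number, sid = next_uid_and_sid(entries)
    lines = [
        f"dn: uid={uid},{base_dn}",
        "objectClass: top",
        "objectClass: person",
        "objectClass: posixAccount",       # needs uidNumber, gidNumber, homeDirectory
        "objectClass: sambaSamAccount",    # needs sambaSID
        f"uid: {uid}",
        f"cn: {cn}",
        f"sn: {cn}",
        f"uidNumber: {uid_number}",
        f"gidNumber: {gid_number}",
        f"homeDirectory: {home_base}/{uid}",
        f"sambaSID: {sid}",
        "sambaAcctFlags: [U          ]",   # Samba's "normal user" flag string
        f"sambaNTPassword: {nt_hash(password)}",
        # userPassword is left to PWM's own password-set operation.
    ]
    return "\n".join(lines) + "\n"


def group_add_ldif(group_dn, uid):
    """Modify record putting the new user into a posixGroup (e.g. blocked_user)."""
    return f"dn: {group_dn}\nchangetype: modify\nadd: memberUid\nmemberUid: {uid}\n"


if __name__ == "__main__":
    print(build_user_ldif(SAMPLE_DIRECTORY, "carol", "Carol", "password"))
    print(group_add_ldif("cn=blocked_user,cn=groups,dc=example,dc=com", "carol"))
```

Feed the two records to ldapmodify (with `-a` for the add record) against the Directory Server and check whether DSM then lists the user and FreeRADIUS accepts the password; if it still does not, the missing piece is whatever DSM keeps outside LDAP, which is exactly the open question in the last comment.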