{"id":10685,"date":"2025-08-16T20:57:33","date_gmt":"2025-08-16T11:57:33","guid":{"rendered":"https:\/\/y2tech.net\/blog\/?p=10685"},"modified":"2026-02-07T22:52:58","modified_gmt":"2026-02-07T13:52:58","slug":"authenticated-vlan-with-aruba-instant-on-7","status":"publish","type":"post","link":"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-7-10685\/","title":{"rendered":"Aruba\u306eAP\u3092\u7528\u3044\u3066\u8a8d\u8a3cVLAN\u3092\u5b9f\u88c5\u3057\u3066\u307f\u308b#7 \uff08LDAP\u3068\u306e\u9023\u643a\uff09"},"content":{"rendered":"<hr \/>\r\n<h4>\u300eAruba\u306eAP\u3092\u7528\u3044\u3066\u8a8d\u8a3cVLAN\u3092\u5b9f\u88c5\u3057\u3066\u307f\u308b\u300f\u3000\u30a4\u30f3\u30c7\u30af\u30b9<\/h4>\r\n<br>\r\n<ul>\r\n<li>\u3000<a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-1-10315\/\" target=\"_blank\">\u30fb#1 Instant On\u306e\u6982\u8981<\/a><\/li>\r\n<li>\u3000<a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-2-10369\/\" target=\"_blank\">\u30fb#2 RADIUS\u30b5\u30fc\u30d0\u3068\u306e\u9023\u643a<\/a><\/li>\r\n<li>\u3000<a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-3-10547\/\" target=\"_blank\">\u30fb#3 \u81ea\u5df1\u8a8d\u8a3c\u8a3c\u660e\u66f8\u306e\u8a2d\u5b9a<\/a><\/li>\r\n<li>\u3000<a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-4-10577\/\" target=\"_blank\">\u30fb#4 EAP-PEAP\u306b\u3088\u308b\u8a8d\u8a3c<\/a><\/li>\r\n<li>\u3000<a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-5-10604\/\" target=\"_blank\">\u30fb#5 AP\u3092RADIUS\u30b5\u30fc\u30d0\u3068\u9023\u643a\u3055\u305b\u308b<\/a><\/li>\r\n<li>\u3000<a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-6-10665\/\" target=\"_blank\">\u30fb#6 \u8a8d\u8a3cVLAN\u306e\u5b9f\u88c5<\/a><\/li>\r\n<li>\u3000\u30fb#7 LDAP\u3068\u306e\u9023\u643a<\/a><\/li>\r\n<\/ul>\r\n<hr \/>\r\n\r\n<h3>RADIUS\u30b5\u30fc\u30d0\u3092LDAP\u30b5\u30fc\u30d0\u3068\u9023\u643a\u3055\u305b\u308b<\/h3>\r\n<br>\r\n<p>\u524d\u56de\u306e\u8a18\u4e8b\u3067\u8a8d\u8a3cVLAN\u306e\u5b9f\u88c5\u65b9\u6cd5\u306b\u3064\u3044\u3066\u8aac\u660e\u3057\u305f\u304c\u3001\u30c6\u30b9\u30c8\u74b0\u5883\u306a\u306e\u3067RADIUS\u30b5\u30fc\u30d0\u5074\u306e\u30e6\u30fc\u30b6\u60c5\u5831\u3092\u8a18\u8f09\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u5185\u306b\u8a8d\u8a3cVLAN\u306b\u95a2\u3059\u308b\u5c5e\u6027\u5024\u3092\u8a18\u8f09\u3057\u305f\u304c\u3001\u3053\u306e\u65b9\u6cd5\u3067\u306f\u30e6\u30fc\u30b6\u60c5\u5831\u306b\u5909\u66f4\u304c\u3042\u308b\u5ea6\u306b\u6bce\u56deRADIUS\u30b5\u30fc\u30d0\u5074\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u66f4\u65b0\u3057\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\u306e\u3067\u3001\u6570\u4eba\u7a0b\u5ea6\u306e\u898f\u6a21\u306e\u7d44\u7e54\u3084\u5bb6\u5ead\u306a\u3069\u3067\u306a\u3051\u308c\u3070\u4f7f\u3044\u7269\u306b\u306a\u3089\u306a\u3044\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<p>\u4f1a\u793e\u3084\u5927\u5b66\u306a\u3069\u306e\u7d44\u7e54\u3067\u306f\u5927\u62b5\u306e\u5834\u5408\u3001\u30a8\u30f3\u30c9\u30e6\u30fc\u30b6\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u60c5\u5831\u3092\u96c6\u4e2d\u7ba1\u7406\u3059\u308b\u305f\u3081\u306e\u4f55\u3089\u304b\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30b7\u30b9\u30c6\u30e0\u304c\u904b\u7528\u3055\u308c\u3066\u3044\u308b\uff0eWindows\u7cfb\u306ePC\u304c\u591a\u3044\u7d44\u7e54\u3067\u306f\u3001Active Directory\u3092\u4e2d\u5fc3\u3068\u3057\u305f\u30b7\u30b9\u30c6\u30e0\u3001\u30a2\u30ab\u30c7\u30df\u30c3\u30af\u7cfb\u306e\u6a5f\u95a2\u3067\u306f\u6614\u304b\u3089UNIX\u7cfb\u306eOS\u304c\u30e1\u30a4\u30f3\u3060\u3063\u305f\u3053\u3068\u3082\u3042\u308a\u3001LDAP\u3092\u4e2d\u5fc3\u3068\u3057\u305f\u30b7\u30b9\u30c6\u30e0\u3067\u69cb\u6210\u3059\u308b\u3053\u3068\u304c\u4e00\u822c\u7684\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<p>\u30e6\u30fc\u30b6\u306b\u95a2\u3059\u308b\u60c5\u5831\u306f\u3053\u308c\u3089\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30b7\u30b9\u30c6\u30e0\u306b\u3088\u3063\u3066\u96c6\u4e2d\u7ba1\u7406\u3055\u308c\u3066\u304a\u308a\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u63a5\u7d9a\u306e\u305f\u3081\u306e\u30e6\u30fc\u30b6\u60c5\u5831\u3092\u5225\u306aRADIUS\u30b5\u30fc\u30d0\u4e0a\u3067\u7ba1\u7406\u3059\u308b\u3068\u3044\u3046\u306e\u306f\u904b\u7528\u3084\u7ba1\u7406\u306e\u624b\u9593\u3092\u8003\u3048\u308b\u3068\u975e\u73fe\u5b9f\u7684\u306a\u65b9\u6cd5\u3060\uff0e<\/p>\r\n<br>\r\n<p>\u3053\u306e\u554f\u984c\u3092\u89e3\u6c7a\u3059\u308b\u7c21\u5358\u306a\u65b9\u6cd5\u3068\u3057\u3066\u3001RADIUS\u30b5\u30fc\u30d0\u5074\u306b\u306f\u30a8\u30f3\u30c9\u30e6\u30fc\u30b6\u60c5\u5831\u3092\u6301\u305f\u305b\u306a\u3044\u3067\u3001RADIUS\u30b5\u30fc\u30d0\u304c\u53c2\u7167\u3059\u3079\u304d\u30e6\u30fc\u30b6\u60c5\u5831\u3084\u5c5e\u6027\u306b\u3064\u3044\u3066\u306f\u5916\u90e8\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30b7\u30b9\u30c6\u30e0\u3078\u554f\u3044\u5408\u308f\u305b\u308b\u4ed5\u7d44\u307f\u3092\u5c0e\u5165\u3059\u308b\u306e\u304c\u4e00\u822c\u7684\u306a\u904b\u7528\u65b9\u6cd5\u3060\uff0e\u3053\u306e\u65b9\u6cd5\u3067\u3042\u308c\u3070\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30b7\u30b9\u30c6\u30e0\u306e\u904b\u7528\u306f\u73fe\u884c\u306e\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u304c\u65e2\u306b\u78ba\u7acb\u3057\u3066\u3044\u308b\u306e\u3067\u3001\u7ba1\u7406\u3084\u904b\u7528\u306e\u30b3\u30b9\u30c8\u306f\u4f4e\u3044\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<p>\u4f46\u3057\u3001\u65e2\u5b58\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30b7\u30b9\u30c6\u30e0\u304cRADIUS\u30b5\u30fc\u30d0\u3068\u9023\u643a\u3057\u3066\u3044\u3066\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u8a8d\u8a3c\u3082\u3053\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30b5\u30fc\u30d0\u306b\u3088\u3063\u3066\u8a8d\u8a3c\u3055\u308c\u308b\u4ed5\u7d44\u307f\u304c\u6574\u3063\u3066\u3044\u308b\u5834\u5408\u306f\u826f\u3044\u304c\u3001\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30b5\u30fc\u30d0\u304c\u5168\u304f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u8a8d\u8a3c\u306e\u4e8b\u3092\u8003\u616e\u305b\u305a\u306b\u4f5c\u6210\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u306f\u7d50\u69cb\u5384\u4ecb\u3060\uff0e\u65e2\u5b58\u306e\u904b\u7528\u4e2d\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30b7\u30b9\u30c6\u30e0\u306b\u624b\u3092\u52a0\u3048\u308b\u3053\u3068\u306f\u304b\u306a\u308a\u30ea\u30b9\u30ad\u30fc\u306a\u6539\u4fee\u3068\u306a\u308b\u306e\u3067\u3001\u305d\u308c\u306a\u308a\u306e\u6e96\u5099\u671f\u9593\u3068\u6539\u4fee\u30b3\u30b9\u30c8\u304c\u639b\u304b\u308b\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<p>\u4eca\u56de\u306f\u3001FreeRADIUS\u30b5\u30fc\u30d0\u3092\u65e2\u5b58\u306eOpenLDAP\u30b5\u30fc\u30d0\u3068\u9023\u643a\u3055\u305b\u308b\u65b9\u6cd5\u306b\u3064\u3044\u3066\u7d39\u4ecb\u3059\u308b\uff0e\u5c1a\u3001\u4eca\u56de\u306e\u30c6\u30b9\u30c8\u7528\u306b\u7528\u3044\u305fOpenLDAP\u306fRHEL7.4\u4ee5\u964d\u306e\u74b0\u5883\u3067\u306f\u975e\u63a8\u5968\u6271\u3044\u306b\u306a\u308a\u3001\u4e16\u306e\u4e2d\u7684\u306b\u306f\u3000<a href=\"https:\/\/www.port389.org\/\" target=\"_blank\">389 Directory Server<\/a> \u3078\u79fb\u884c\u3059\u308b\u6d41\u308c\u306e\u3088\u3046\u3060\uff0eLDAP\u30b5\u30fc\u30d0\u305d\u306e\u3082\u306e\u306e\u69cb\u7bc9\u306b\u3064\u3044\u3066\u306f\u307e\u305f\u5225\u306a\u6a5f\u4f1a\u306b\u7d39\u4ecb\u3057\u3088\u3046\u3068\u601d\u3046\uff0e<\/p>\r\n<br>\r\n<h4>FreeRADIUS\u3092LDAP\u9023\u643a\u3055\u305b\u308b\u305f\u3081\u306e\u30b9\u30ad\u30fc\u30de\u30d5\u30a1\u30a4\u30eb\u306e\u6e96\u5099<\/h4>\r\n<br>\r\n<p>\u65e2\u5b58\u306eLDAP\u30b5\u30fc\u30d0\u304c\u7a3c\u50cd\u3057\u3066\u3044\u308b\u306e\u3067\u3042\u308c\u3070\u3001\u305d\u3053\u306bRADIUS\u95a2\u9023\u306e\u30b9\u30ad\u30fc\u30de\u3092\u8ffd\u52a0\u3057\u3066\u3001\u30a8\u30f3\u30c9\u30e6\u30fc\u30b6\u306e\u30a8\u30f3\u30c8\u30ea\u30fc\u306bRADIUS\u95a2\u9023\u306e\u5c5e\u6027\u30c7\u30fc\u30bf\u3092\u8ffd\u52a0\u3059\u308b\u3068\u3044\u3046\u624b\u9806\u3092\u8e0f\u3081\u3070\u826f\u3044\u306e\u3060\u304c\u3001\u65e2\u5b58\u306eLDAP\u30b5\u30fc\u30d0\u304c\u3069\u306e\u3088\u3046\u306b\u69cb\u6210\u3055\u308c\u3066\u3044\u308b\u306e\u304b\u306b\u3088\u3063\u3066\u624b\u9806\u304c\u7570\u306a\u308b\u306e\u3067\u3001\u4eca\u56de\u306f\u3053\u306e\u30c6\u30b9\u30c8\u306e\u305f\u3081\u306b\u65b0\u898f\u3067OpeLDAP\u30b5\u30fc\u30d0\u3092\u7acb\u3061\u4e0a\u3052\u308b\u3053\u3068\u306b\u3057\u305f\uff0e<\/p>\r\n<br>\r\n<p>\u4eca\u56de\u5b9f\u9a13\u7528\u306b\u7acb\u3061\u4e0a\u3052\u305fOpenLDAP\u30b5\u30fc\u30d0\u306fFreeRADIUS\u3068\u9023\u643a\u3057\u3066\u8a8d\u8a3cVLAN\u306e\u6a5f\u80fd\u3092\u5b9f\u73fe\u3059\u308b\u305f\u3081\u306e\u7269\u3067\u3001\u3044\u3044\u52a0\u6e1b\u306a\u5b9f\u88c5\u306a\u306e\u3067\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u7684\u306a\u914d\u616e\u306f\u6b86\u3069\u884c\u3063\u3066\u3044\u306a\u3044\u306e\u3067\u3001\u672c\u756a\u74b0\u5883\u306b\u5b9f\u88c5\u3059\u308b\u5834\u5408\u306fLDAP\u5074\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u5bfe\u7b56\u3084Firewall\u95a2\u9023\u306e\u8a2d\u5b9a\u306a\u3069\u3092\u7cbe\u67fb\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<p>FreeRADIUS\u3092LDAP\u9023\u643a\u3055\u305b\u308b\u5834\u5408\u306e\u6ce8\u610f\u70b9\u306a\u3069\u306b\u3064\u3044\u3066\u3001&#8221;<a href=\"https:\/\/www.freeradius.org\/documentation\/freeradius-server\/3.2.8\/concepts\/modules\/ldap\/authentication.html\" target=\"_blank\">Authenticating Users with LDAP<\/a>&#8221; \u306b\u8a18\u8f09\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u3001\u4e00\u901a\u308a\u76ee\u3092\u901a\u3057\u3066\u7f6e\u304f\u3053\u3068\u826f\u3044\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<p>FreeRadius\u306eGitHub\u4e0a\u306b\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8 &#8220;<a href=\"https:\/\/github.com\/FreeRADIUS\/freeradius-server\/tree\/v3.2.x\/doc\/schemas\/ldap\/openldap\" target=\"_blank\">freeradius-server\/doc\/schemas\/ldap\/openldap\/<\/a>&#8221; \u306b\u3001RADIUS\u95a2\u9023\u306e\u30b9\u30ad\u30fc\u30de\u30d5\u30a1\u30a4\u30eb\u304c\u7f6e\u304b\u308c\u3066\u3044\u308b\uff0e&#8221;freeradiu.schema&#8221; \u3068 LDIF\u5f62\u5f0f\u306e &#8220;freeradius.ldif&#8221; \u304c\u3042\u308b\u306e\u3067\u3001OpenLDAP\u306e\u30b9\u30ad\u30fc\r\n\u30de\u30d5\u30a1\u30a4\u30eb\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea(\u901a\u5e38\u306f &#8220;\/etc\/openldap\/schema\/&#8221;\uff09\u306b\u30b3\u30d4\u30fc\u3057\u3066\u304a\u304f\uff0e<\/p>\r\n<br>\r\n<p>&#8220;freeradiu.schema&#8221;\u306e\u5185\u5bb9\u306b\u76ee\u3092\u901a\u3057\u3066\u3001\u524d\u56de\u306e\u8a18\u4e8b\u3067\u7d39\u4ecb\u3057\u305f\u8a8d\u8a3cVLAN\u3067\u5fc5\u8981\u3068\u306a\u308bRADIUS\u306e&#8221;Tunnel Attributes&#8221; \u95a2\u9023\u306e3\u3064\u306e\u5c5e\u6027\u306b\u5bfe\u5fdc\u3059\u308bLDAP\u306e&#8221;attributetype&#8221;\u304c\u542b\u307e\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u78ba\u8a8d\u51fa\u6765\u308b\u3060\u308d\u3046\uff0e<\/P>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n       RADIUS                         LDAP  \r\n     \"Tunnel-Type\"              'radiusTunnelType'\r\n     \"Tunnel-Medium-Type\"       'radiusTunnelMediumType'\r\n     \"Tunnel-Private-Group-ID\"  'radiusTunnelPrivateGroupId'\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p>\u4e0a\u8a18\u306e &#8220;freeradiu.schema&#8221; \u3068 LDIF\u5f62\u5f0f\u306e &#8220;freeradius.ldif&#8221;  \u306e\u30d5\u30a1\u30a4\u30eb\u306f\u3001FreeRADIUS\u306e\u516c\u5f0f\u30ea\u30dd\u30b8\u30c8\u30ea\u306b\u7f6e\u304b\u308c\u305f\u7269\u3067\u3042\u308b\u304c\u3001\r\n\u3000&#8221;<a href=\"https:\/\/github.com\/redBorder\" target=\"_blank\">redBorder<\/a>&#8221; \u3068\u3044\u3046GitHub\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u306b\u3082 LDAP\u95a2\u9023\u306eRADIUS\u7528\u30b9\u30ad\u30fc\u30de\u30d5\u30a1\u30a4\u30eb\u304c\u7f6e\u304b\u308c\u3066\u3044\u308b\uff0e<\/p>\r\n<br>\r\n\u3000&#8221;<a href=\"https:\/\/github.com\/redBorder\/freeradius\/tree\/master\/doc\/schemas\/ldap\" target=\"_blank\">https:\/\/github.com\/redBorder\/freeradius\/tree\/master\/doc\/schemas\/ldap<\/a>&#8221; \r\n<br>\r\n<br>\r\n<p>OpenLDAP\u7528\u306e\u4ed6\u306b\u3001&#8221;iPlanet Directory Server&#8221; \u7528\u306e\u30b9\u30ad\u30fc\u30de\u5b9a\u7fa9\u30d5\u30a1\u30a4\u30eb\u304c\u7f6e\u304b\u308c\u3066\u3044\u308b\u304c\u30012013\u5e74\u5f53\u6642\u306e\u7269\u306e\u3088\u3046\u3060\uff0e\u5185\u5bb9\u3092\u8a73\u3057\u304f\u898b\u3066\u3044\u306a\u3044\u304c\u3001\u4eca\u56de\u306e\u8a8d\u8a3cVLAN\u306e\u5b9f\u88c5\u7528\u9014\u3067\u306f\u3069\u3061\u3089\u3092\u4f7f\u3063\u3066\u3082\u554f\u984c\u306a\u3055\u305d\u3046\u3060\uff0e\u4eca\u56de\u306f\u3001FreeRADIUS\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u3067\u306f\u306a\u304f\u3001redBorder\u7248\u306e &#8220;openldap.ldif&#8221;, &#8220;openldap.schema&#8221; \u30d5\u30a1\u30a4\u30eb\u3092\u7528\u3044\u305f\uff0e\u30d5\u30a1\u30a4\u30eb\u540d\u304c\u7d1b\u3089\u308f\u3057\u304b\u3063\u305f\u306e\u3067\u3001\u305d\u308c\u305e\u308c&#8221;radius.ldif&#8221;, &#8220;radius.schema&#8221;\u306b\u5909\u66f4\u3057\u3066\u3042\u308b\uff0e<\/p>\r\n<br>\r\n<p>OpenLDAP\u306e\u30b9\u30ad\u30fc\u30de\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u5185\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u30ea\u30b9\u30c6\u30a3\u30f3\u30b0\u3057\u3066\u304a\u304f\uff0eOpenLDAP\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6642\u306b\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u308b\u30b9\u30ad\u30fc\u30de\u30d5\u30a1\u30a4\u30eb\u4ee5\u5916\u306b\u3082\u3001QNAP\u306eLDAP\u304b\u3089\u306e\u79fb\u884c\u7528\u306e\u30b9\u30ad\u30fc\u30de\u3084Samba\u95a2\u9023\u306e\u30b9\u30ad\u30fc\u30de\u304c\u8ffd\u52a0\u3055\u308c\u3066\u3044\u308b\uff0e\uff08\u65e5\u4ed8\u304c &#8220;May 22&#8221; \u3068\u306a\u3063\u3066\u3044\u308b\u30d5\u30a1\u30a4\u30eb\u304c\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u308b\u30d5\u30a1\u30a4\u30eb\u7fa4\uff09<\/p>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n[root@ns7 schema]# pwd\r\n\/etc\/openldap\/schema\r\n[root@ns7 schema]# ls -la\r\ntotal 708\r\ndrwxr-xr-x  2 root root   4096 Aug 16 09:06 .\r\ndrwxr-xr-x. 5 root root     92 Aug 16 08:53 ..\r\n-rw-r--r--  1 root root  28047 Aug 16 09:00 apple.ldif\r\n-rw-r--r--  1 root root  33278 Aug 16 09:00 apple.schema\r\n-rw-r--r--  1 root root    444 Aug 16 09:00 apple_auxillary.ldif\r\n-rw-r--r--  1 root root    718 Aug 16 09:00 apple_auxillary.schema\r\n-r--r--r--  1 root root   2036 May 22  2024 collective.ldif\r\n-r--r--r--  1 root root   6191 May 22  2024 collective.schema\r\n-r--r--r--  1 root root   1845 May 22  2024 corba.ldif\r\n-r--r--r--  1 root root   8063 May 22  2024 corba.schema\r\n-r--r--r--  1 root root  20619 May 22  2024 core.ldif\r\n-r--r--r--  1 root root  20506 May 22  2024 core.schema\r\n-r--r--r--  1 root root  12006 May 22  2024 cosine.ldif\r\n-r--r--r--  1 root root  73995 May 22  2024 cosine.schema\r\n-r--r--r--  1 root root   3594 May 22  2024 dsee.ldif\r\n-r--r--r--  1 root root   3374 May 22  2024 dsee.schema\r\n-r--r--r--  1 root root   4842 May 22  2024 duaconf.ldif\r\n-r--r--r--  1 root root  10389 May 22  2024 duaconf.schema\r\n-r--r--r--  1 root root   3500 May 22  2024 dyngroup.ldif\r\n-r--r--r--  1 root root   3523 May 22  2024 dyngroup.schema\r\n-r--r--r--  1 root root   3481 May 22  2024 inetorgperson.ldif\r\n-r--r--r--  1 root root   6267 May 22  2024 inetorgperson.schema\r\n-r--r--r--  1 root root   2979 May 22  2024 java.ldif\r\n-r--r--r--  1 root root  13901 May 22  2024 java.schema\r\n-r--r--r--  1 root root   2082 May 22  2024 misc.ldif\r\n-r--r--r--  1 root root   2387 May 22  2024 misc.schema\r\n-r--r--r--  1 root root 121865 May 22  2024 msuser.ldif\r\n-r--r--r--  1 root root 113752 May 22  2024 msuser.schema\r\n-r--r--r--  1 root root   1218 May 22  2024 namedobject.ldif\r\n-r--r--r--  1 root root   1574 May 22  2024 namedobject.schema\r\n-r--r--r--  1 root root   6809 May 22  2024 nis.ldif\r\n-r--r--r--  1 root root   7640 May 22  2024 nis.schema\r\n-r--r--r--  1 root root   3308 May 22  2024 openldap.ldif\r\n-r--r--r--  1 root root   1514 May 22  2024 openldap.schema\r\n-r--r--r--  1 root root   6904 May 22  2024 pmi.ldif\r\n-r--r--r--  1 root root  20467 May 22  2024 pmi.schema\r\n-rw-r--r--  1 root root   4571 Aug 16 09:01 ppolicy.ldif\r\n-rw-r--r--  1 root root  20489 Aug 16 09:01 ppolicy.schema\r\n-rw-r--r--  1 root root  12383 Aug 16 09:01 radius.ldif\r\n-rw-r--r--  1 root root  14479 Aug 16 09:01 radius.schema\r\n-rw-r--r--  1 root root  14275 Aug 16 09:06 samba.ldif\r\n-rw-r--r--  1 root root  23182 Aug 16 09:06 samba.schema\r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<h4>\u30b9\u30ad\u30fc\u30de\u30d5\u30a1\u30a4\u30eb\u306e\u8ffd\u52a0<\/h4>\r\n<br>\r\n<p>RADIUS\u95a2\u9023\u306e\u30b9\u30ad\u30fc\u30de\u30d5\u30a1\u30a4\u30eb\u304c\u7528\u610f\u3067\u304d\u305f\u3068\u3053\u308d\u3067\u3001OpenLDAP\u306b\u3053\u306e\u30b9\u30ad\u30de\u30fc\u3092\u8ffd\u52a0\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\uff0e\u30b9\u30ad\u30fc\u30de\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u65b9\u6cd5\u306fLDAP\u30b5\u30fc\u30d0\u306b\u3088\u3063\u3066\u7570\u306a\u308b\u304c\u3001\u4eca\u56de\u306f OpeLDAP V2.6 \u3067\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u65b9\u6cd5\u3092\u793a\u3059\uff0e\u5c1a\u3001OpenLDAP\u306e\u53e4\u3044\u30d0\u30fc\u30b8\u30e7\u30f3(V2.4\u3088\u308a\u524d\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\uff09\u3067\u306f\u3001\u30b9\u30ad\u30fc\u30de\u306e\u5909\u66f4\u65b9\u6cd5\u306f\u7570\u306a\u308b\uff0e<\/p>\r\n<br>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n[root@ns7 schema]# ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f \/etc\/openldap\/schema\/radius.ldif\r\nSASL\/EXTERNAL authentication started\r\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\r\nSASL SSF: 0\r\nadding new entry \"cn=radius,cn=schema,cn=config\"\r\n\r\n\r\n[root@ns7 ~]# ldapsearch -LLL -Y EXTERNAL -H ldapi:\/\/\/ -b cn=schema,cn=config dn   \uff1c\uff1d\uff1d\u3000\u30b9\u30ad\u30fc\u30de\u30d5\u30a1\u30a4\u30eb\u306e\u691c\u7d22\r\nSASL\/EXTERNAL authentication started\r\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\r\nSASL SSF: 0\r\ndn: cn=schema,cn=config\r\n\r\ndn: cn={0}core,cn=schema,cn=config\r\n\r\ndn: cn={1}cosine,cn=schema,cn=config\r\n\r\ndn: cn={2}nis,cn=schema,cn=config\r\n\r\ndn: cn={3}inetorgperson,cn=schema,cn=config\r\n\r\ndn: cn={4}radius,cn=schema,cn=config\u3000\u3000\u3000\u3000\u3000\u3000\u3000\uff1c\uff1d\uff1d\uff1d \u4eca\u56de\u8ffd\u52a0\u3057\u305f \"RADIUS\" \u306e\u30b9\u30ad\u30fc\u30de\r\n\r\ndn: cn={5}samba,cn=schema,cn=config\r\n\r\ndn: cn={6}ppolicy,cn=schema,cn=config\r\n\r\ndn: cn={7}apple_auxillary,cn=schema,cn=config\r\n\r\ndn: cn={8}apple,cn=schema,cn=config\r\n\r\n[root@ns7 ~]# \r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<h4>\u30a8\u30f3\u30c9\u30e6\u30fc\u30b6\u306e\u30a8\u30f3\u30c8\u30ea\u30fc\u3092\u4fee\u6b63\u3059\u308b<\/h4>\r\n<br>\r\n<p>\u4eca\u56de\u8ffd\u52a0\u3057\u305fRADIUS\u7528\u306e\u30b9\u30ad\u30fc\u30de\u3067\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u308b\u8a8d\u8a3cVLAN\u7528\u306eRADIUS\u5c5e\u6027\u306fLDAP\u30b5\u30fc\u30d0\u4e0a\u306e\u5404\u30e6\u30fc\u30b6\u306e\u30a8\u30f3\u30c8\u30ea\u30fc\u306b\u306f\u53cd\u6620\u3055\u308c\u3066\u3044\u306a\u3044\u306e\u3067\u3001\u65e2\u5b58\u306e\u30e6\u30fc\u30b6\u30a8\u30f3\u30c8\u30ea\u30fc\u306b\u5bfe\u3057\u3066\u306f\u8a8d\u8a3cVLAN\u7528\u306e3\u3064\u306eRADIUS\u5c5e\u6027\u3092LDAP\u306e\u9805\u76ee\u3068\u3057\u3066\u8ffd\u52a0\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\uff0e<\/p>\r\n<br>\r\n<p>3\u3064\u306eRADIUS\u5c5e\u6027\u306e\u5185\u3001\u5b9f\u969b\u306b\u30e6\u30fc\u30b6\u306b\u7d10\u4ed8\u304f\u306e\u306f &#8220;radiusTunnelPrivateGroupId&#8221; \u3060\u3051\u3067\u306a\u306e\u3067\u3001\u4ed6\u306e2\u3064\u306e\u5c5e\u6027 &#8220;radiusTunnelType&#8221; \u3068&#8221;radiusTunnelMediumType&#8221; \u306f\u5168\u54e1\u5171\u901a\u306a\u306e\u3067\u3001LDAP\u5074\u306b\u6301\u305f\u306a\u304f\u3066\u3082\u826f\u3044\u306e\u3060\u304c\u3001LDAP\u306e\u30a8\u30f3\u30c8\u30ea\u30fc\u5185\u5bb9\u3092\u898b\u305f\u969b\u306b\u3001\u3053\u308c\u3089\u306e\u5c5e\u6027\u304c\u8a8d\u8a3cVLAN\u306b\u95a2\u3059\u308b\u5c5e\u6027\u3067\u3042\u308b\u3053\u3068\u3092\u89e3\u308a\u3084\u3059\u304f\u3059\u308b\u305f\u3081\u306b\u6562\u3048\u3066\u9805\u76ee\u3068\u3057\u3066\u8f09\u305b\u3066\u3044\u308b\uff0e<\/p>\r\n<br>\r\n<p>&#8220;radiusTunnelType&#8221; \u3068&#8221;radiusTunnelMediumType&#8221; \u306f RADIUS\u30b5\u30fc\u30d0\u5074\u306b\u5168\u54e1\u5171\u901a\u306e\u30a8\u30f3\u30c8\u30ea\u30fc\u9805\u76ee\u3068\u3057\u3066\u8a18\u8f09\u3057\u3066\u3044\u308b\uff0e<\/p>\r\n<br>\r\n<p>LDAP\u306e\u30a8\u30f3\u30c8\u30ea\u30fc\u3092\u4fee\u6b63\u3059\u308b\u65b9\u6cd5\u306f\u8272\u3005\u3042\u308b\u304c\u3001<a href=\"https:\/\/www.ldapadministrator.com\/\" target=\"_blank\">LDAPAdministrator<\/a>\u3084WEB\u30d9\u30fc\u30b9\u306e <a href=\"https:\/\/github.com\/leenooks\/phpLDAPadmin\" target=\"_blank\">phpLDAPAdmin<\/a>\u306a\u3069\u306eGUI\u30d9\u30fc\u30b9\u306e\u30c4\u30fc\u30eb\u3092\u7528\u3046\u65b9\u6cd5\u3084\u3001Unix\u7cfb\u306e\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u306b\u6163\u308c\u3066\u3044\u308b\u306e\u3067\u3042\u308c\u3070\u3001OpenLDAP\u3068\u5171\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u308b ldapadd\u3084ldapmodify\u306a\u3069\u306e\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u30c4\u30fc\u30eb\u3092\u4f7f\u3063\u3066\u3001LDIF\u5f62\u5f0f\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u99c6\u4f7f\u3057\u3066\u30a8\u30f3\u30c8\u30ea\u30fc\u306e\u7de8\u96c6\u4f5c\u696d\u3092\u884c\u3046\u306e\u304c\u4e00\u756a\u624b\u3063\u53d6\u308a\u65e9\u3044\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<p>\u3042\u308b\u7a0b\u5ea6\u306e\u898f\u6a21\u306e\u7d44\u7e54\u3067\u306f\u3001\u65e2\u5b58\u306e\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u306e\u4e2d\u3067 <a href=\"https:\/\/www.exgen.co.jp\/lm\/\" target=\"_blank\">LDAPManager<\/a> \u306e\u3088\u3046\u306a\u7d71\u5408ID\u7ba1\u7406\u30c4\u30fc\u30eb\u304c\u5c0e\u5165\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u304c\u591a\u3044\u306e\u3067\u3001\u305d\u306e\u3088\u3046\u306a\u30c4\u30fc\u30eb\u3092\u5229\u7528\u3059\u308b\u306e\u3082\u826f\u3044\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<p>\u4eca\u56de\u306f\u8a66\u9a13\u7528\u306e\u30e6\u30fc\u30b6\u30a8\u30f3\u30c8\u30ea\u30fc\u3092\u4e00\u304b\u3089\u4f5c\u308b\u306e\u304c\u9762\u5012\u3060\u3063\u305f\u306e\u3067\u3001QNAP\u4e0a\u306eLDAP\uff08\u4e2d\u8eab\u306fOpenLDAP)\u3067\u30e6\u30fc\u30b6\u30a2\u30ab\u30a6\u30f3\u30c8 &#8220;y2admin&#8221; \u3092\u4f5c\u6210\u3057\u3001\u305d\u306eLDIF\u30c7\u30fc\u30bf\u3092\u53d6\u308a\u51fa\u3057\u3001\u305d\u308c\u3092\u30c6\u30b9\u30c8\u7528\u306eLDAP\u30b5\u30fc\u30d0(OpenLDAP V2.6\uff09\u306b\u30a4\u30f3\u30dd\u30fc\u30c8\u3057\u3066\u3044\u308b\uff0e<\/p>\r\n<br>\r\n<p>QNAP\u4e0a\u306eLDAP\u306b\u767b\u9332\u3055\u308c\u305f \u30e6\u30fc\u30b6 &#8220;y2admin&#8221; \u306eLDIF\u30d5\u30a1\u30a4\u30eb\u306e\u5185\u5bb9\u306f\u6b21\u306e\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u308b\uff0e<\/p>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n[~] # ldapsearch -x -h localhost -D \"cn=xxxxxxx,dc=home,dc=yoko\" -b \"uid=y2admin,ou=people,dc=home,dc=yoko\" -W -LLL \r\nEnter LDAP Password: \r\ndn: uid=y2admin,ou=people,dc=home,dc=yoko\r\nobjectClass: top\r\nobjectClass: posixAccount\r\nobjectClass: shadowAccount\r\nobjectClass: person\r\nobjectClass: organizationalPerson\r\nobjectClass: inetOrgPerson\r\nobjectClass: sambaSamAccount\r\nobjectClass: sambaIdmapEntry\r\nobjectClass: apple-user\r\ncn: y2admin\r\nsn: y2admin\r\nuid: y2admin\r\nuidNumber: 1000000\r\ngidNumber: 1000000\r\nuserPassword:: e0NSWVBUfS ----------  EeFZIdFd5QjNKVS4=\r\nhomeDirectory: \/home\/y2admin\r\nshadowLastChange: 20315\r\nshadowMin: 0\r\nshadowMax: 99999\r\nshadowWarning: 7\r\nshadowExpire: -1\r\nshadowInactive: 0\r\nshadowFlag: 0\r\ndisplayName: y2admin\r\nsambaSID: S-1-5-21-4011659892-1488691106-2880545186-1002\r\nsambaLMPassword: FA8CFFF ------------  6954A50\r\nsambaNTPassword: 6821C54 ------------ FC59A7B1D7B\r\nsambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000\r\n 00000000\r\nsambaPwdLastSet: 1755301771\r\nsambaAcctFlags: [U          ]\r\nsambaKickoffTime: 0\r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p>\u3053\u306e\u5185\u5bb9\u3092\u305d\u306e\u307e\u307e\u30c6\u30b9\u30c8\u7528\u306eOpenLDAP\u30b5\u30fc\u30d0\u306b\u30a4\u30f3\u30dd\u30fc\u30c8\u3059\u308b\uff0e\u4eca\u56de\u306f&#8221;y2admin&#8221;\u30e6\u30fc\u30b6\u306f\u65e2\u306b\u65e2\u5b58\u306eLDAP\u4e0a\u306b\u767b\u9332\u3055\u308c\u3066\u3044\u308b\u3068\u3044\u3046\u524d\u63d0\u306a\u306e\u3067\u4f55\u3082\u7de8\u96c6\u3057\u306a\u3044\uff0e\uff08\u4eca\u56de\u306f\u30c6\u30b9\u30c8\u306a\u306e\u3067LDIF\u30c7\u30fc\u30bf\u3092LDIF\u30d5\u30a1\u30a4\u30eb\u3092\u4f7f\u308f\u305a\u306b\u30a4\u30f3\u30e9\u30a4\u30f3\u3067\u76f4\u63a5\u5165\u529b\u3057\u3066\u3044\u308b\uff09<\/p>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n[root@ns7 ~]# ldapadd -x -D cn=yyyyyyy,dc=home,dc=yoko -W <<__EOD__\r\ndn: uid=y2admin,ou=people,dc=home,dc=yoko\r\nobjectClass: top\r\nobjectClass: posixAccount\r\nobjectClass: shadowAccount\r\nobjectClass: person\r\nobjectClass: organizationalPerson\r\nobjectClass: inetOrgPerson\r\nobjectClass: sambaSamAccount\r\nobjectClass: sambaIdmapEntry\r\nobjectClass: apple-user\r\ncn: y2admin\r\nsn: y2admin\r\nuid: y2admin\r\nuidNumber: 1000000\r\ngidNumber: 1000000\r\nuserPassword:: e0NSWVBUfS ----------  EeFZIdFd5QjNKVS4=\r\nhomeDirectory: \/home\/y2admin\r\nshadowLastChange: 20315\r\nshadowMin: 0\r\nshadowMax: 99999\r\nshadowWarning: 7\r\nshadowExpire: -1\r\nshadowInactive: 0\r\nshadowFlag: 0\r\ndisplayName: y2admin\r\nsambaSID: S-1-5-21-4011659892-1488691106-2880545186-1002\r\nsambaLMPassword: FA8CFFF ------------  6954A50\r\nsambaNTPassword: 6821C54 ------------ FC59A7B1D7B\r\nsambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000\r\n 00000000\r\nsambaPwdLastSet: 1755301771\r\nsambaAcctFlags: [U          ]\r\nsambaKickoffTime: 0\r\n__EOD__\r\n\r\nEnter LDAP Password: \r\nadding new entry \"uid= y2admin,ou=people,dc=home,dc=yoko\"\r\n\r\n[root@ns7 ~]# \r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p>\u3053\u306e\"y2admin\" \u30e6\u30fc\u30b6\u306e\u30a8\u30f3\u30c8\u30ea\u30fc\u306b\u3001\u8a8d\u8a3cVLAN\u7528\u306e3\u3064\u306eRADIUS\u5c5e\u6027\u9805\u76ee\u3092\u8ffd\u8a18\u3059\u308b\u3053\u3068\u306b\u3059\u308b\uff0e\u3053\u306e3\u3064\u306e\u5c5e\u6027\u306b\u52a0\u3048\u3001RADIUS\u7528\u306eobjectClass : radiusprofile \u3082\u30a8\u30f3\u30c8\u30ea\u30fc\u306b\u8ffd\u52a0\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\uff0eldapmodify\u30b3\u30de\u30f3\u30c9\u306e\u5185\u5bb9\u306f\u6b21\u306e\u3088\u3046\u306b\u306a\u308b\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n[root@ns7 ~]# ldapmodify  -x -D cn= yyyyyyy,dc=home,dc=yoko -W <<__EOD__\r\ndn: uid=y2admin,ou=people,dc=home,dc=yoko\r\nchangetype: modify\r\nadd: objectClass\r\nobjectClass: radiusprofile\r\n-\r\nadd: radiusTunnelType\r\nradiusTunnelType: 13\r\n-\r\nadd: radiusTunnelMediumType\r\nradiusTunnelMediumType: 6\r\n-\r\nadd: radiusTunnelPrivateGroupId\r\nradiusTunnelPrivateGroupId: 250\r\n__EOD__\r\nEnter LDAP Password: \r\nmodifying entry \"uid=y2admin,ou=people,dc=home,dc=yoko\"\r\n\r\n[root@ns7 ~]# ldapsearch -x -h localhost -D \"cn=Manager,dc=home,dc=yoko\" -b \"uid=y2admin,ou=people,dc=home,dc=yoko\" -W -LLL \r\nEnter LDAP Password: \r\ndn: uid=y2admin,ou=people,dc=home,dc=yoko\r\nobjectClass: top\r\nobjectClass: posixAccount\r\nobjectClass: shadowAccount\r\nobjectClass: person\r\nobjectClass: organizationalPerson\r\nobjectClass: inetOrgPerson\r\nobjectClass: sambaSamAccount\r\nobjectClass: sambaIdmapEntry\r\nobjectClass: apple-user\r\nobjectClass: radiusprofile\r\ncn: y2admin\r\nsn: y2admin\r\nuid: y2admin\r\nuidNumber: 1000000\r\ngidNumber: 1000000\r\nuserPassword:: e0NSWVBUfS ----------  EeFZIdFd5QjNKVS4=\r\nhomeDirectory: \/home\/y2admin\r\nshadowLastChange: 20315\r\nshadowMin: 0\r\nshadowMax: 99999\r\nshadowWarning: 7\r\nshadowExpire: -1\r\nshadowInactive: 0\r\nshadowFlag: 0\r\ndisplayName: y2admin\r\nsambaSID: S-1-5-21-4011659892-1488691106-2880545186-1002\r\nsambaLMPassword: FA8CFFF ------------  6954A50\r\nsambaNTPassword: 6821C54 ------------ FC59A7B1D7B\r\nsambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000\r\n 00000000\r\nsambaPwdLastSet: 1755301771\r\nsambaAcctFlags: [U          ]\r\nsambaKickoffTime: 0\r\nradiusTunnelType: 13\r\nradiusTunnelMediumType: 6\r\nradiusTunnelPrivateGroupId: 250\r\n\r\n[root@ns7 ~]# \r\n\r\n<\/code>\r\n<\/pre>\r\n<p>\u65b0\u898f\u3067\u30e6\u30fc\u30b6\u3092\u8ffd\u52a0\u3059\u308b\u5834\u5408\u306f\u3001\u30e6\u30fc\u30b6\u306e\u5168\u3066\u306e\u30a8\u30f3\u30c8\u30ea\u30fc\u3092\u8a18\u8f09\u3057\u305fLDIF\u30d5\u30a1\u30a4\u30eb\u3092ldapadd\u30b3\u30de\u30f3\u30c9\u3067\u305d\u306e\u307e\u307e\u30a4\u30f3\u30dd\u30fc\u30c8\u3059\u308c\u3070\u826f\u3044\uff0e\u65e2\u5b58\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0\u3092\u7528\u3044\u3066\u30e6\u30fc\u30b6\u7ba1\u7406\u3092\u884c\u3063\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u65b0\u898f\u30e6\u30fc\u30b6\u4f5c\u6210\u7528\u306e\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u7b49\u306b\u3001RADIUS\u95a2\u4fc2\u306e\u9805\u76ee\u3092\u8ffd\u52a0\u3059\u308b\u306a\u3069\u306e\u4fee\u6b63\u304c\u5fc5\u8981\u3068\u306a\u308b\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<h4>LDAP\u3068\u9023\u643a\u3055\u305b\u308b\u305f\u3081\u306eRADIUS\u5074\u306e\u8a2d\u5b9a<\/h4>\r\n<br>\r\n<p>\u30c6\u30b9\u30c8\u7528\u306eLDAP\u30b5\u30fc\u30d0\u306e\u6e96\u5099\u304c\u3067\u304d\u305f\u3068\u3053\u308d\u3067\u3001\u4eca\u5ea6\u306fRADIUS\u5074\u306e\u8a2d\u5b9a\u3092\u5909\u66f4\u3057\u3001LDAP\u30b5\u30fc\u30d0\u304b\u3089\u8a72\u5f53\u3059\u308b\u30e6\u30fc\u30b6\u306e\"radiusTunnelPrivateGroupId\" \u306e\u5024\u3092\u53d6\u5f97\u3057\u3001RADIUS\u30b5\u30fc\u30d0\u304c\u305d\u306e\u5024\u3092VLAN\u306eID\u3068\u3057\u3066\u30aa\u30fc\u30bb\u30f3\u30c6\u30a3\u30b1\u30fc\u30bf\u3067\u3042\u308bAP\u306b\u6e21\u3059\u305f\u3081\u306e\u8a2d\u5b9a\u5909\u66f4\u3092\u884c\u3046\uff0e<\/p>\r\n<br>\r\n<p>\u5148\u305a\u6700\u521d\u306b\u3001\"\/etc\/raddb\/sites-enabled\/default\" \u30d5\u30a1\u30a4\u30eb\u306e\u5185\u5bb9\u3092\u5909\u66f4\u3059\u308b\uff0e\u3053\u306e\u30d5\u30a1\u30a4\u30eb\u306f1,200\u884c\u4ee5\u4e0a\u3082\u3042\u308b\u306e\u3067\u3001\u5909\u66f4\u7b87\u6240\u3092\u63a2\u3059\u306e\u304c\u5927\u5909\u306a\u306e\u3067\u3001\u884c\u756a\u53f7\u4ed8\u304d\u3067\u5909\u66f4\u7b87\u6240\u3092\u63d0\u793a\u3059\u308b\uff0e<\/P>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n 465         #  configure the 'smbpasswd' module.\r\n 466 #       smbpasswd\r\n 467 \r\n 468         #\r\n 469         #  The ldap module reads passwords from the LDAP database.\r\n 470         -ldap  \u3000\uff1c\uff1d\uff1d\uff1d \u30de\u30a4\u30ca\u30b9\u8a18\u53f7\u3092\u524a\u9664\u3057\u3066 \"ldap\" \u3078\r\n 471 \r\n 472         #\r\n 473         #  If you're using Active Directory and PAP, then uncomment\r\n\r\n \r\n 612         #  However, it is necessary for Active Directory, because\r\n 613         #  Active Directory won't give the passwords to FreeRADIUS.\r\n 614         #\r\n 615 #       Auth-Type LDAP {\u3000\u3000\uff1c\uff1d\uff1d\uff1d \u30b3\u30e1\u30f3\u30c8\u3092\u524a\u9664\uff083\u884c\u5206\uff09\r\n 616 #               ldap\r\n 617 #       }\r\n 618 \r\n 619         #\r\n 620         #  Allow EAP authentication.\r\n 621         eap\r\n 622 \r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p>\u540c\u69d8\u306b\u3001\u540c\u3058\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u5185\u306e\u3001\"\/etc\/raddb\/sites-enabled\/inner-tunnel\" \u30d5\u30a1\u30a4\u30eb\u5185\u306b\u3082 ldap\u3092\u4f7f\u308f\u306a\u3044\u3068\u3044\u3046\u8a2d\u5b9a\u304c\u5165\u3063\u3066\u3044\u308b\u306e\u3067\u3001\u3053\u3061\u3089\u3082ldap\u3092\u4f7f\u3046\u8a2d\u5b9a\u306b\u5909\u66f4\u3059\u308b\uff0e<\/p>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n153 #       smbpasswd\r\n154 \r\n155         #\r\n156         #  The ldap module reads passwords from the LDAP database.\r\n157         -ldap  \uff1c\uff1d\uff1d\uff1d \u30de\u30a4\u30ca\u30b9\u8a18\u53f7\u3092\u524a\u9664\u3057\u3066 \"ldap\" \u3078\r\n158  \r\n\r\n242         #  LDAP servers do not.\r\n243         #\r\n244 #       Auth-Type LDAP {  \uff1c\uff1d\uff1d\uff1d \u30b3\u30e1\u30f3\u30c8\u3092\u524a\u9664\uff083\u884c\u5206\uff09\r\n245 #               ldap\r\n246 #       }\r\n247 \r\n248         #\r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p> \u30e6\u30fc\u30b6\u60c5\u5831\u306e\u5b9a\u7fa9\u30d5\u30a1\u30a4\u30eb \"users\"  ( \"\/etc\/raddb\/\/mods-config\/files\/authorize\" \u3078\u306e\u30b7\u30f3\u30dc\u30ea\u30c3\u30af\u30ea\u30f3\u30af )  \u306b\u3001\u4e0b\u8a18\u306e\u884c\u3092\u8ffd\u8a18\u3059\u308b\uff0e\u8ffd\u8a18\u306e\u5834\u6240\u306f\u30c6\u30b9\u30c8\u7528\u306eRADIUS\u30ed\u30fc\u30ab\u30eb\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u5b9a\u7fa9\u306e\u524d\u3042\u305f\u308a\u304c\u826f\u3044\u3060\u308d\u3046\uff0e\u30e6\u30fc\u30b6\u8a8d\u8a3c\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u3092LDAP\u3078\u554f\u3044\u5408\u308f\u305b\u308b\u69d8\u306b\u8a2d\u5b9a\u3059\u308b\uff0e<\/p>\r\n<br>\r\n<p>RADIUS\u5c5e\u6027\u3068\u3057\u3066\"Tunnel-Type = 13\" \u3068\u3000\"Tunnel-Medium-Type = 6\" \u3092\u5168\u54e1\u5171\u901a\u306e\u5c5e\u6027\u3068\u3057\u3066\u4e0e\u3048\u3066\u3042\u308b\u304c\u3001LDAP\u5074\u304b\u3089\u5bfe\u5fdc\u3059\u308b\u5c5e\u6027\u304c\u5f97\u3089\u308c\u305f\u5834\u5408\u306f\u3001\u3053\u306e\u5c5e\u6027\u5024\u306fLDAP\u5074\u306e\u5024\u3067\u30aa\u30fc\u30d0\u30e9\u30a4\u30c9\u3055\u308c\u308b\uff0e<\/p>\r\n<br>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n203 \r\n204 # On no match, the user is denied access.\r\n205 #\r\n206 #=========================================================================#\r\n207 #   Authentication Method :  LDAP Account                                 #\r\n208 #=========================================================================#\r\n209 DEFAULT Auth-Type = LDAP\r\n210         Tunnel-Type = 13,\r\n211         Tunnel-Medium-Type = 6,\r\n212         Fall-Through = Yes\r\n213 \r\n214 \r\n215 \r\n216 #########################################################\r\n217 # You should add test accounts to the TOP of this file! #\r\n218 # See the example user \"bob\" above.                     #\r\n219 #########################################################\r\n220 #\r\n221 radtest007  Cleartext-Password := \"Hi32da4\"\r\n222             Reply-Message := \"Welcome, %{User-Name}\"  \r\n223 ###########################################################\r\n224 #\r\n225 #=========================================================================#\r\n226 #   Test user account for authenticated VLAN  \r\n227 vl100user  Auth-Type:=EAP, Cleartext-Password := \"ImVL100\"\r\n228         Tunnel-Type = 13,\r\n229         Tunnel-Medium-Type = 6, \r\n230         Tunnel-Private-Group-Id = 100\r\n231 \r\n232 vl200user Auth-Type:=EAP, Cleartext-Password := \"ImVL200\"\r\n233         Tunnel-Type = 13,\r\n234         Tunnel-Medium-Type =6,\r\n235         Tunnel-Private-Group-Id = 200\r\n  \r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p>\"\/etc\/raddb\/dictionay\" \u30d5\u30a1\u30a4\u30eb\u306e\u672b\u5c3e\u306b\u6b21\u306e\u8a18\u8ff0\u3092\u52a0\u3048\u308b\uff0e<\/p>\r\n<br>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n#\r\n#\tThese attributes are examples\r\n#\r\n#ATTRIBUTE\tMy-Local-String\t\t3000\tstring\r\n#ATTRIBUTE\tMy-Local-IPAddr\t\t3001\tipaddr\r\n#ATTRIBUTE\tMy-Local-Integer\t3002\tinteger\r\n#\r\n#\r\n\r\n#=============================================================================\r\n#  LDAP\r\nVALUE           Auth-Type               LDAP    5\r\n#=============================================================================\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p>\u6700\u5f8c\u306b\u3001\"\/etc\/raddb\/mods-available\/ldap\" \u30d5\u30a1\u30a4\u30eb\u3092\u7de8\u96c6\u3057\u3066\u3001\u4eca\u56de\u8a2d\u7f6e\u3057\u305fLDAP\u30b5\u30fc\u30d0\u306b\u63a5\u7d9a\uff08\u30d0\u30a4\u30f3\u30c9\uff09\u3059\u308b\u305f\u3081\u306e\u8a2d\u5b9a\u3092\u884c\u3046.\r\n\u4eca\u56de\u306f\u30c6\u30b9\u30c8\u74b0\u5883\u306a\u306e\u3067\u3001LDAPS\u3067\u306f\u306a\u304fLDAP(389)\u3067LDAP\u30b5\u30fc\u30d0\u3078\u63a5\u7d9a\u3059\u308b\uff0e\u672c\u756a\u74b0\u5883\u3067\u306fLDAPS\u3067\u306e\u63a5\u7d9a\u3092\u4f7f\u3046\u3088\u3046\u306b\u3059\u308b\uff0e<\/p>\r\n<br>\r\n<p>LDAP\u30b5\u30fc\u30d0\u3068\u306e\u901a\u4fe1\u306fLDAP(389)\u306a\u306e\u3067\u3001IP\u30a2\u30c9\u30ec\u30b9\u3067\u3082\u69cb\u308f\u306a\u3044\u304c\u3001LDAPS\u3067\u306e\u63a5\u7d9a\u3067\u306f FQDN \u3067\u63a5\u7d9a\u3059\u308b\u3088\u3046\u306b\u3059\u308b\uff0e\u4eca\u56de\u306f\u30c6\u30b9\u30c8\u306a\u306e\u3067\u63a5\u7d9a\u7528\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u306b\u7ba1\u7406\u30e6\u30fc\u30b6\u3092\u4f7f\u3063\u3066\u3044\u308b\u304c\u3001\u672c\u756a\u74b0\u5883\u3067\u306fLDAP\u5074\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u6a29\u9650\u3084\u30a2\u30af\u30bb\u30b9\u6a29\u3092\u304d\u3061\u3093\u3068\u8a2d\u5b9a\u3057\u3066\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u3092\u9ad8\u3081\u308b\u5de5\u592b\u304c\u5fc5\u8981\u306b\u306a\u308b\uff0e<\/p>\r\n<br>\r\n<p>LDAP\u306e\u63a5\u7d9a\u60c5\u5831\u306e\u4ed6\u306b\u3001RADIUS\u5074\u306e\u5c5e\u6027\u3068LDAP\u5074\u306e\u5c5e\u6027\u60c5\u5831\u306e\u30de\u30c3\u30d4\u30f3\u30b0\u3092\u6307\u5b9a\u3059\u308b\u90e8\u5206\u304c\u3042\u308b\u304c\u3001\u3053\u3053\u3067\u306f RADIUS\u5074\u306e 'NT-Password' \u3068\u3000'Tunnel-Private-Group-ID' \u3092\u30de\u30c3\u30d4\u30f3\u30b0\u3057\u3066\u3044\u308b\uff0e<\/p> \r\n<br>\r\n<p>\u4eca\u56de\u306f\u3001EAP-PEAP\uff08MSCHAPv2\uff09\u306b\u3088\u308b\u8a8d\u8a3c\u3092\u884c\u3046\u306e\u3067\u3001\u30e6\u30fc\u30b6\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u60c5\u5831\u306f'sambaNTPassword'\u3092\u7528\u3044\u3066\u3044\u308b\u304c\u3001QNAP\u306eLDAP\u3067\u306fsmbldap-tools\u3067\u4f5c\u6210\u3055\u308c\u305f\u30d1\u30b9\u30ef\u30fc\u30c9\u30cf\u30c3\u30b7\u30e5\u3092'sambaNTPassword'\u306b\u8a2d\u5b9a\u3057\u3066\u3044\u308b\u3088\u3046\u306a\u306e\u3067\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u30cf\u30c3\u30b7\u30e5\u306f\u3053\u306e\u5024\u3092\u4f7f\u3046\u3053\u3068\u306b\u3059\u308b\uff0e\u3053\u306e\u8fba\u306e\u8a2d\u5b9a\u306fLDAP\u5074\u3067\u3069\u306e\u3088\u3046\u306a\u30d1\u30b9\u30ef\u30fc\u30c9\u60c5\u5831\u3092\u6301\u3063\u3066\u3044\u308b\u306e\u304b\u306b\u3088\u3063\u3066\u9069\u5b9c\u5909\u66f4\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<p>LDAP\u3067\u306f\u30e6\u30fc\u30b6\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u60c5\u5831\u3092\u3069\u306e\u3088\u3046\u306b\u8a18\u9332\u3059\u308b\u306e\u304b\u306fLDAP\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068\u306e\u6574\u5408\u6027\u306e\u554f\u984c\u304c\u3042\u308a\u3001\u3044\u3064\u3082\u82e6\u52b4\u3059\u308b\u3053\u3068\u306b\u306a\u308b\uff0e<\/p>\r\n<br>\r\n<p>\u8a8d\u8a3cVLAN\u306eID\u60c5\u5831\u306b\u7528\u3044\u308bRADIUS\u5c5e\u6027 'Tunnel-Private-Group-ID' \u306e\u8fd4\u7b54\u3092\u3000LDAP\u306e'radiusTunnelPrivategroupId' \u5c5e\u6027\u304b\u3089\u53d6\u5f97\u3057\u305f\u5024\u3092\u305d\u306e\u307e\u307eRADIUS\u5fdc\u7b54\u3068\u3057\u3066\u8fd4\u3059\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u3066\u3044\u308b\uff0e<\/p>\r\n<br>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n ...\r\n\r\n#  Lightweight Directory Access Protocol (LDAP)\r\n#\r\nldap {\r\n        #  Note that this needs to match the name(s) in the LDAP server\r\n        #  certificate, if you're using ldaps.  See OpenLDAP documentation\r\n        #  for the behavioral semantics of specifying more than one host.\r\n        #\r\n        #  Depending on the libldap in use, server may be an LDAP URI.\r\n        #  In the case of OpenLDAP this allows additional the following\r\n        #  additional schemes:\r\n        #  - ldaps:\/\/ (LDAP over SSL)\r\n        #  - ldapi:\/\/ (LDAP over Unix socket)\r\n        #  - ldapc:\/\/ (Connectionless LDAP)\r\n#       server = 'localhost'\r\n#       server = 'ldap.rrdns.example.org'\r\n#       server = 'ldap.rrdns.example.org'\r\n#========================================================\r\n        server = 'ns.admin.home.yoko'\r\n#========================================================\r\n\r\n#========================================================\r\n#       identity = 'cn=admin,dc=example,dc=org'\r\n#       password = mypass\r\n        identity = 'cn=yyyyyy,dc=home,dc=yoko'\r\n        password = Naisyo!\r\n#========================================================\r\n\r\n        #  Unless overridden in another section, the dn from which all\r\n        #  searches will start from.\r\n#========================================================\r\n        base_dn = 'dc=home,dc=yoko'\r\n#========================================================\r\n\r\n  ...\r\n\r\n        #  Note: LDAP attribute names should be single quoted unless you want\r\n        #  the name value to be derived from an xlat expansion, or an\r\n        #  attribute ref.\r\n        update {\r\n                control:Password-With-Header    += 'userPassword'\r\n#               control:NT-Password             := 'ntPassword'\r\n#               reply:Reply-Message             := 'radiusReplyMessage'\r\n\r\n#===================================================================================#\r\n#               reply:Tunnel-Type               := 'radiusTunnelType'\r\n#               reply:Tunnel-Medium-Type        := 'radiusTunnelMediumType'\r\n#               reply:Tunnel-Private-Group-ID   := 'radiusTunnelPrivategroupId'\r\n#===================================================================================#\r\n                reply:Tunnel-Private-Group-ID   := 'radiusTunnelPrivategroupId'\r\n#===================================================================================#\r\n\r\n#===================================================================================#\r\n\t\tcontrol:NT-Password             := 'sambaNTPassword'\r\n#===================================================================================#\r\n\r\n                #  Where only a list is specified as the RADIUS attribute,\r\n                #  the value of the LDAP attribute is parsed as a valuepair\r\n                #  in the same format as the 'valuepair_attribute' (above).\r\n                control:                        += 'radiusControlAttribute'\r\n                request:                        += 'radiusRequestAttribute'\r\n                reply:                          += 'radiusReplyAttribute'\r\n        }\r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p>\u4eca\u56de\u306f\u3001RADIUS\u7528\u306e\u30b9\u30ad\u30fc\u30de\u3092LDAP\u30b5\u30fc\u30d0\u306b\u8ffd\u52a0\u3057\u3066\u3044\u308b\u306e\u3067\u3001\u8a8d\u8a3cVLAN\u7528\u306e\u5c5e\u6027\u3092LDAP\u5074\u306b\u6301\u305f\u305b\u308b\u3053\u3068\u304c\u3067\u304d\u305f\u304c\u3001\u65e2\u5b58\u306eLDAP\u30b5\u30fc\u30d0\u306e\u5834\u5408\u3001RADIUS\u7528\u306e\u30b9\u30ad\u30fc\u30de\u3092\u8ffd\u52a0\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u306a\u3044\u5834\u5408\u3082\u591a\u3044\u3060\u308d\u3046\uff0e\u305d\u306e\u3088\u3046\u306a\u5834\u5408\u3001\u4e0a\u8a18\u306e\u30de\u30c3\u30d4\u30f3\u30b0\u30e1\u30ab\u30cb\u30ba\u30e0\u3092\u4f7f\u3063\u3066LDAP\u5074\u306e\u672a\u5229\u7528\u306e\u5c5e\u6027\u3068\u30de\u30c3\u30d4\u30f3\u30b0\u3055\u305b\u308b\u3053\u3068\u304c\u53ef\u80fd\u3060\uff0e\u4f46\u3057\u3001\u672c\u6765\u306e\u60f3\u5b9a\u7528\u9014\u3068\u304b\u3051\u96e2\u308c\u305f\u5c5e\u6027\u306e\u9805\u76ee\u3092\u76ee\u7684\u5916\u4f7f\u7528\u3059\u308b\u3068\u3001\u30e1\u30f3\u30c6\u30ca\u30f3\u30b9\u3084\u30b7\u30b9\u30c6\u30e0\u30ea\u30d7\u30ec\u30fc\u30b9\u306e\u969b\u306b\u5927\u304d\u306a\u969c\u5bb3\u3068\u306a\u308b\u306e\u3067\u3001\u3053\u306e\u3088\u3046\u306a\u65b9\u6cd5\u306f\u907f\u3051\u305f\u65b9\u304c\u826f\u3044\uff0e<\/p>\r\n<br>\r\n<p>\u79c1\u3082\u5b9f\u969b\u306b\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30b7\u30b9\u30c6\u30e0\u306e\u7a7a\u304d\u5c5e\u6027\u9805\u76ee\u3092\u52dd\u624b\u306b\u6d41\u7528\u3057\u3066\u3044\u308b\u7d44\u7e54\u304c\u3001\u30b7\u30b9\u30c6\u30e0\u30ea\u30d7\u30ec\u30fc\u30b9\u3067\u75db\u3044\u76ee\u306b\u906d\u3063\u3066\u3044\u308b\u73fe\u5834\u3092\u7d4c\u9a13\u3057\u3066\u3044\u308b\u306e\u3067\u3001\u76ee\u7684\u306eLDAP\u5c5e\u6027\u304c\u898b\u3064\u304b\u3089\u306a\u3044\u5834\u5408\u306f\u3001<a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc4512\" target=\"_blank\">RFC 4512<\/a>\u306e\u4ed5\u69d8\u306b\u306b\u5f93\u3063\u3066\u30ab\u30b9\u30bf\u30e0LDAP\u5c5e\u6027\u3092\u5b9a\u7fa9\u3057\u3066\u7528\u3044\u308b\u65b9\u304c\u826f\u3044\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<p>\"\/etc\/raddb\/mod-available\/ldap\" \u30d5\u30a1\u30a4\u30eb\u306e\u7de8\u96c6\u304c\u7d42\u308f\u3063\u305f\u3089\u3001\"\/etc\/raddb\/mod-enabled\/\" \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u5185\u306b\"\/etc\/raddb\/mod-available\/ldap\" \u30d5\u30a1\u30a4\u30eb\u306e\u30b7\u30f3\u30dc\u30ea\u30c3\u30af\u30ea\u30f3\u30af\u3092\u4f5c\u6210\u3059\u308b\uff0e\u3053\u306e\u4f5c\u696d\u3092\u884c\u308f\u306a\u3044\u3068FreeRADIUS\u30b5\u30fc\u30d0\u306fLDAP\u304c\u6709\u52b9\u306b\u306a\u3089\u306a\u3044\uff0e<\/p>\r\n<br>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n[root@nsauth6 mods-enabled]# pwd\r\n\/etc\/raddb\/mods-enabled\r\n[root@nsauth6 mods-enabled]# ls -la\r\ntotal 8\r\ndrwxr-x---. 2 root radiusd 4096 Aug 16 19:23 .\r\ndrwxr-xr-x. 9 root radiusd 4096 Aug 16 17:30 ..\r\nlrwxrwxrwx. 1 root radiusd   24 Jan 31  2025 always -> ..\/mods-available\/always\r\nlrwxrwxrwx. 1 root radiusd   29 Jan 31  2025 attr_filter -> ..\/mods-available\/attr_filter\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 chap -> ..\/mods-available\/chap\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 date -> ..\/mods-available\/date\r\nlrwxrwxrwx. 1 root radiusd   24 Jan 31  2025 detail -> ..\/mods-available\/detail\r\nlrwxrwxrwx. 1 root radiusd   28 Jan 31  2025 detail.log -> ..\/mods-available\/detail.log\r\nlrwxrwxrwx. 1 root radiusd   24 Jan 31  2025 digest -> ..\/mods-available\/digest\r\nlrwxrwxrwx. 1 root radiusd   33 Jan 31  2025 dynamic_clients -> ..\/mods-available\/dynamic_clients\r\nlrwxrwxrwx. 1 root radiusd   21 Jan 31  2025 eap -> ..\/mods-available\/eap\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 echo -> ..\/mods-available\/echo\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 exec -> ..\/mods-available\/exec\r\nlrwxrwxrwx. 1 root radiusd   28 Jan 31  2025 expiration -> ..\/mods-available\/expiration\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 expr -> ..\/mods-available\/expr\r\nlrwxrwxrwx. 1 root radiusd   23 Jan 31  2025 files -> ..\/mods-available\/files\r\nlrwxrwxrwx. 1 root radiusd   25 Jan 31  2025 linelog -> ..\/mods-available\/linelog\r\nlrwxrwxrwx. 1 root radiusd   27 Jan 31  2025 logintime -> ..\/mods-available\/logintime\r\nlrwxrwxrwx. 1 root radiusd   24 Jan 31  2025 mschap -> ..\/mods-available\/mschap\r\nlrwxrwxrwx. 1 root radiusd   27 Jan 31  2025 ntlm_auth -> ..\/mods-available\/ntlm_auth\r\nlrwxrwxrwx. 1 root radiusd   21 Jan 31  2025 pap -> ..\/mods-available\/pap\r\nlrwxrwxrwx. 1 root radiusd   24 Jan 31  2025 passwd -> ..\/mods-available\/passwd\r\nlrwxrwxrwx. 1 root radiusd   28 Jan 31  2025 preprocess -> ..\/mods-available\/preprocess\r\nlrwxrwxrwx  1 root radiusd   34 Jan 31  2025 proxy_rate_limit -> ..\/mods-available\/proxy_rate_limit\r\nlrwxrwxrwx. 1 root radiusd   25 Jan 31  2025 radutmp -> ..\/mods-available\/radutmp\r\nlrwxrwxrwx. 1 root radiusd   23 Jan 31  2025 realm -> ..\/mods-available\/realm\r\nlrwxrwxrwx. 1 root radiusd   27 Jan 31  2025 replicate -> ..\/mods-available\/replicate\r\nlrwxrwxrwx. 1 root radiusd   21 Jan 31  2025 soh -> ..\/mods-available\/soh\r\nlrwxrwxrwx. 1 root radiusd   26 Jan 31  2025 sradutmp -> ..\/mods-available\/sradutmp\r\nlrwxrwxrwx  1 root radiusd   22 Jan 31  2025 totp -> ..\/mods-available\/totp\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 unix -> ..\/mods-available\/unix\r\nlrwxrwxrwx. 1 root radiusd   24 Jan 31  2025 unpack -> ..\/mods-available\/unpack\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 utf8 -> ..\/mods-available\/utf8\r\n[root@nsauth6 mods-enabled]# \r\n[root@nsauth6 mods-enabled]# ln -s ..\/mods-available\/ldap  ldap  \uff1c\uff1d\uff1d\uff1d \u30b7\u30f3\u30dc\u30ea\u30c3\u30af\u30ea\u30f3\u30af\u306e\u4f5c\u6210\r\n\r\n[root@nsauth6 mods-enabled]# ls -la\r\ntotal 8\r\ndrwxr-x---. 2 root radiusd 4096 Aug 16 19:31 .\r\ndrwxr-xr-x. 9 root radiusd 4096 Aug 16 17:30 ..\r\nlrwxrwxrwx. 1 root radiusd   24 Jan 31  2025 always -> ..\/mods-available\/always\r\nlrwxrwxrwx. 1 root radiusd   29 Jan 31  2025 attr_filter -> ..\/mods-available\/attr_filter\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 chap -> ..\/mods-available\/chap\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 date -> ..\/mods-available\/date\r\nlrwxrwxrwx. 1 root radiusd   24 Jan 31  2025 detail -> ..\/mods-available\/detail\r\nlrwxrwxrwx. 1 root radiusd   28 Jan 31  2025 detail.log -> ..\/mods-available\/detail.log\r\nlrwxrwxrwx. 1 root radiusd   24 Jan 31  2025 digest -> ..\/mods-available\/digest\r\nlrwxrwxrwx. 1 root radiusd   33 Jan 31  2025 dynamic_clients -> ..\/mods-available\/dynamic_clients\r\nlrwxrwxrwx. 1 root radiusd   21 Jan 31  2025 eap -> ..\/mods-available\/eap\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 echo -> ..\/mods-available\/echo\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 exec -> ..\/mods-available\/exec\r\nlrwxrwxrwx. 1 root radiusd   28 Jan 31  2025 expiration -> ..\/mods-available\/expiration\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 expr -> ..\/mods-available\/expr\r\nlrwxrwxrwx. 1 root radiusd   23 Jan 31  2025 files -> ..\/mods-available\/files\r\nlrwxrwxrwx  1 root root      22 Aug 16 19:31 ldap -> ..\/mods-available\/ldap\r\nlrwxrwxrwx. 1 root radiusd   25 Jan 31  2025 linelog -> ..\/mods-available\/linelog\r\nlrwxrwxrwx. 1 root radiusd   27 Jan 31  2025 logintime -> ..\/mods-available\/logintime\r\nlrwxrwxrwx. 1 root radiusd   24 Jan 31  2025 mschap -> ..\/mods-available\/mschap\r\nlrwxrwxrwx. 1 root radiusd   27 Jan 31  2025 ntlm_auth -> ..\/mods-available\/ntlm_auth\r\nlrwxrwxrwx. 1 root radiusd   21 Jan 31  2025 pap -> ..\/mods-available\/pap\r\nlrwxrwxrwx. 1 root radiusd   24 Jan 31  2025 passwd -> ..\/mods-available\/passwd\r\nlrwxrwxrwx. 1 root radiusd   28 Jan 31  2025 preprocess -> ..\/mods-available\/preprocess\r\nlrwxrwxrwx  1 root radiusd   34 Jan 31  2025 proxy_rate_limit -> ..\/mods-available\/proxy_rate_limit\r\nlrwxrwxrwx. 1 root radiusd   25 Jan 31  2025 radutmp -> ..\/mods-available\/radutmp\r\nlrwxrwxrwx. 1 root radiusd   23 Jan 31  2025 realm -> ..\/mods-available\/realm\r\nlrwxrwxrwx. 1 root radiusd   27 Jan 31  2025 replicate -> ..\/mods-available\/replicate\r\nlrwxrwxrwx. 1 root radiusd   21 Jan 31  2025 soh -> ..\/mods-available\/soh\r\nlrwxrwxrwx. 1 root radiusd   26 Jan 31  2025 sradutmp -> ..\/mods-available\/sradutmp\r\nlrwxrwxrwx  1 root radiusd   22 Jan 31  2025 totp -> ..\/mods-available\/totp\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 unix -> ..\/mods-available\/unix\r\nlrwxrwxrwx. 1 root radiusd   24 Jan 31  2025 unpack -> ..\/mods-available\/unpack\r\nlrwxrwxrwx. 1 root radiusd   22 Jan 31  2025 utf8 -> ..\/mods-available\/utf8\r\n[root@nsauth6 mods-enabled]# \r\n\r\n[root@nsauth6 mods-enabled]# chown -h root:radiusd ldap   \uff1c\uff1d\uff1d\uff1d \u3068\u308a\u3042\u3048\u305agroup\u3092\"radiusd\" \u306b\u5909\u66f4\uff08\u3084\u3089\u306a\u304f\u3066\u3082\u826f\u3044\uff09\r\n\r\n<\/code>\r\n<\/pre>\r\n\r\n<p>\u4ee5\u4e0a\u3067LDAP\u30b5\u30fc\u30d0\u3068\u306e\u9023\u643a\u306e\u305f\u3081\u306e\u8a2d\u5b9a\u5909\u66f4\u4f5c\u696d\u304c\u7d42\u4e86\u3057\u305f\u306e\u3067\u3001\"systemctl restart radiusd\" \u3067RADIUS\u30b5\u30fc\u30d0\u3092\u518d\u8d77\u52d5\u3055\u305b\u308c\u3070FreeRADIUS\u304cLDAP\u30b5\u30fc\u30d0\u3068\u9023\u643a\u3059\u308b\u3088\u3046\u306b\u306a\u308b\uff0e<\/p>\r\n<br>\r\n<br>\r\n<h4>LDAP\u9023\u643a\u30c6\u30b9\u30c8<\/h4>\r\n<br>\r\n<p>FreeRADIUS\u30b5\u30fc\u30d0\u304b\u3089LDAP\u30b5\u30fc\u30d0\u3078\u30e6\u30fc\u30b6\u60c5\u5831\u3092\u554f\u3044\u5408\u308f\u305b\u308b\u8a2d\u5b9a\u304c\u6e08\u3093\u3060\u306e\u3067\u3001\u3068\u308a\u3042\u3048\u305aRADIUS\u30b5\u30fc\u30d0\u304b\u3089LDAP\u30b5\u30fc\u30d0\u3078\u306e\u554f\u3044\u5408\u308f\u305b\u304c\u6b63\u5e38\u306b\u884c\u308f\u308c\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\uff0eRRADIUS\u30b5\u30fc\u30d0\u4e0a\u3067ldapsearch\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u3063\u3066\u30e6\u30fc\u30b6 \"y2admin\"\u306e\u60c5\u5831\u3092\u53d6\u5f97\u3057\u3066\u307f\u308b\uff0e<\/p>\r\n<br>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n[root@nsauth6 mods-available]# ldapsearch -x -H ldap:\/\/ns.admin.home.yoko -D \"cn=yyyyyyy,dc=home,dc=yoko\" -b \"uid=y2admin,ou=people,dc=home,dc=yoko\" -W\r\nEnter LDAP Password: \r\n# extended LDIF\r\n#\r\n# LDAPv3\r\n# base <uid=y2admin,ou=people,dc=home,dc=yoko> with scope subtree\r\n# filter: (objectclass=*)\r\n# requesting: ALL\r\n#\r\n\r\n# y2admin, people, home.yoko\r\ndn: uid=y2admin,ou=people,dc=home,dc=yoko\r\nobjectClass: top\r\nobjectClass: posixAccount\r\nobjectClass: shadowAccount\r\nobjectClass: person\r\nobjectClass: organizationalPerson\r\nobjectClass: inetOrgPerson\r\nobjectClass: sambaSamAccount\r\nobjectClass: sambaIdmapEntry\r\nobjectClass: apple-user\r\nobjectClass: radiusprofile\r\ncn: y2admin\r\nsn: y2admin\r\nuid: y2admin\r\nuidNumber: 1000000\r\ngidNumber: 1000000\r\nuserPassword:: e0NSWVBUfS -----------   eFZIdFd5QjNKVS4=\r\nhomeDirectory: \/home\/y2admin\r\nshadowLastChange: 20315\r\nshadowMin: 0\r\nshadowMax: 99999\r\nshadowWarning: 7\r\nshadowExpire: -1\r\nshadowInactive: 0\r\nshadowFlag: 0\r\ndisplayName: y2admin\r\nsambaSID: S-1-5-21-4011659892-1488691106-2880545186-1002\r\nsambaLMPassword: FA8CF---------------8D76954A50\r\nsambaNTPassword: 6821C---------------3BFC59A7B1D7B\r\nsambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000\r\n 00000000\r\nsambaPwdLastSet: 1755301771\r\nsambaAcctFlags: [U          ]\r\nsambaKickoffTime: 0\r\nradiusTunnelType: 13\r\nradiusTunnelMediumType: 6\r\nradiusTunnelPrivateGroupId: 250\r\n\r\n# search result\r\nsearch: 2\r\nresult: 0 Success\r\n\r\n# numResponses: 2\r\n# numEntries: 1\r\n[root@nsauth6 mods-available]# \r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p>FreeRADIUS\u304b\u3089LDAP\u30b5\u30fc\u30d0\u3078\u306e\u554f\u3044\u5408\u308f\u305b\u306f\u6b63\u5e38\u306e\u3088\u3046\u3060\uff0e<\/p>\r\n<br>\r\n\r\n<h4>LDAP\u9023\u643a\u3055\u305b\u305fRADIUS\u30b5\u30fc\u30d0\u3067\u306e\u63a5\u7d9a\u30c6\u30b9\u30c8<\/h4>\r\n<br>\r\n<p>LDAP\u30b5\u30fc\u30d0\u4e0a\u306b\u65b0\u898f\u306b\u4f5c\u6210\u3057\u305f\"testuser100\" \u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f7f\u3063\u3066\u5b9f\u969b\u306b\u7121\u7ddaLAN\u30af\u30e9\u30a4\u30f3\u30c8\u304b\u3089 \"Y2Test1x\" \u3078\u63a5\u7d9a\u3057\u3066\u307f\u308b\uff0e\u30ed\u30b0\u30a4\u30f3\u8a8d\u8a3c\u304c\u6210\u529f\u3059\u308b\u3068\u3001\u3053\u306e\u30e6\u30fc\u30b6\u306fVLAN100\uff08172.25.100.0\/24\uff09\u306e\u30bb\u30b0\u30e1\u30f3\u30c8\u306b\u63a5\u7d9a\u3055\u308c\u308b\u7b48\u3060\uff0e<\/p>\r\n<br>\r\n<div style=\"width: 100%; margin: 0 auto; text-align: center;\">\r\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/08\/LDAPUserVL100Login.png\" alt=\"LDAP User VL100 Login\" width=\"480\" height=\"301\" class=\"size-full wp-image-10723\" srcset=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/08\/LDAPUserVL100Login.png 480w, https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/08\/LDAPUserVL100Login-320x201.png 320w\" sizes=\"auto, (max-width: 480px) 100vw, 480px\" \/>\r\n<br>\r\n<span>\"testuser100\" \u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f7f\u3063\u3066 \"Y2Test1x\" \u3078\u63a5\u7d9a<\/span>\r\n<br>\r\n<br>\r\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/08\/SuccessVL100LDAP.png\" alt=\"Success VL100 LDAP\" width=\"640\" height=\"408\" class=\"size-full wp-image-10724\" srcset=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/08\/SuccessVL100LDAP.png 640w, https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/08\/SuccessVL100LDAP-320x204.png 320w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/>\r\n<br>\r\n<span>\"testuser100\" \u306b\u5272\u308a\u5f53\u3066\u305fVLAN100 \uff08172.25.100.0\/24\uff09\u306e\u30bb\u30b0\u30e1\u30f3\u30c8\u306b\u63a5\u7d9a\u3055\u308c\u3066\u3044\u308b<\/span>\r\n<br>\r\n<br>\r\n\r\n<\/div>\r\n<br>\r\n<br>\r\n<h4>\u3010\u5b9f\u9a13\u541b\u3011LDAP\u306e\"radiusTunnelPrivateGroupId\" \u3067 RADIUS\u306e\u8a2d\u5b9a \u3092\u30aa\u30fc\u30d0\u30e9\u30a4\u30c9\u3059\u308b\u306e\u304b?<\/h4>\r\n<br>\r\n<p>\"\/etc\/raddb\/users\" \u306b \"Tunnel-Private-Group-Id = 200\" \u3092\u8ffd\u52a0\u8a2d\u5b9a\u3057\u3001VLAN\u60c5\u5831\u3092\u8a2d\u5b9a\u3057\u3066\u3044\u306a\u3044\u30a2\u30ab\u30a6\u30f3\u30c8\"radtest007\" \u3068\"testuser100\" \u3067\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u307f\u308b\uff0e<\/p>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n# On no match, the user is denied access.\r\n#\r\n#=========================================================================#\r\n#   Authentication Method :  LDAP Account                                 #\r\n#=========================================================================#\r\nDEFAULT Auth-Type = LDAP\r\n        Tunnel-Type = 13,\r\n        Tunnel-Medium-Type = 6,\r\n        Tunnel-Private-Group-Id = 200,\r\n        Fall-Through = Yes\r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p>\u3010\u7d50\u679c\u3011\u3000<br>\r\n\u3000\u3000\u3000\"radtest007\"\u3000 \uff1d\uff1d\uff1d\uff1e\u3000VLAN200 \u306b\u30a2\u30b5\u30a4\u30f3\u3055\u308c\u308b <br>\r\n<br>\r\n\u3000\u3000\u3000\"testuser100\" \uff1d\uff1d\uff1d\uff1e\u3000VLAN100 \u306b\u30a2\u30b5\u30a4\u30f3\u3055\u308c\u308b <br>\r\n<\/p>\r\n<br>\r\n<p>\u3053\u306e\u7d50\u679c\u304b\u3089\u3001\"Test1x\" \u306b\u63a5\u7d9a\u3057\u305f\u5834\u5408\u3001\u30e6\u30fc\u30b6\u5074\u306bVLAN\u60c5\u5831\u304c\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u306a\u3044\u5834\u5408\u306f\u3001RADIUS\u5074\u3067\u8a2d\u5b9a\u3057\u305f\u30c7\u30d5\u30a9\u30eb\u30c8\u306eVLAN200\u306b\u30a2\u30b5\u30a4\u30f3\u3055\u308c\u308b\u304c\u3001LDAP\u4e0a\u306bVLAN\u60c5\u5831\u304c\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u306f\u305d\u306eVLAN\u306b\u30a2\u30b5\u30a4\u30f3\u3055\u308c\u308b\uff0e\u3064\u307e\u308a\u3001LDAP\u5074\u306eVLAN\u60c5\u5831\u3067\u30aa\u30fc\u30d0\u30fc\u30e9\u30a4\u30c9\u3055\u308c\u308b\u3053\u3068\u306b\u306a\u308b\uff0e<\/p>\r\n<br>\r\n<p>\u4ee5\u4e0a\u3067\u3001\u4eca\u56de\u306eAruba Instant On Wireless AP \u3092\u7528\u3044\u305f\u8a8d\u8a3cVLAN\u306e\u5b9f\u88c5\u65b9\u6cd5\u306b\u3064\u3044\u3066\u306e\u4e00\u9023\u306e\u89e3\u8aac\u3092\u7d42\u4e86\u3059\u308b\u3053\u3068\u306b\u3059\u308b\uff0e\u8a8d\u8a3cVLAN\u3068\u805e\u304f\u3068\u8a2d\u5b9a\u304c\u96e3\u3057\u304f\u3001\u5c02\u9580\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a8\u30f3\u30b8\u30cb\u30a2\u3067\u306a\u3051\u308c\u3070\u5b9f\u88c5\u306f\u96e3\u3057\u3044\u3068\u601d\u308f\u308c\u304c\u3061\u3060\u304c\u3001RADIUS\u30b5\u30fc\u30d0\u3060\u3051\u3067\u3082\u6bd4\u8f03\u7684\u7c21\u5358\u306b\u5b9f\u88c5\u3059\u308b\u3053\u3068\u304c\u53ef\u80fd\u3067\u3042\u308b\u3053\u3068\u304c\u7406\u89e3\u3067\u304d\u305f\u3067\u3042\u308d\u3046\u304b\uff0e<\/p>\r\n<br>\r\n<p>\u7121\u7ddaLAN\u306e\u5834\u5408\u306f\u3001\u4f7f\u7528\u3059\u308bAP\u304c\u8a8d\u8a3cVLAN\u306b\u5bfe\u5fdc\u53ef\u80fd\u3067\u3042\u308b\u3068\u3044\u3046\u6761\u4ef6\u304c\u3042\u308b\u306e\u3067\u3001Aruba\u4ee5\u5916\u306e\u5b89\u4fa1\u306a\u30b9\u30e2\u30fc\u30eb\u30d3\u30b8\u30cd\u30b9\u7528\u306eAP\u3067\u306f\u96e3\u3057\u3044\u304b\u3082\u3057\u308c\u306a\u3044\u304c\u3001\u8a8d\u8a3cVLAN\u3092\u5b9f\u73fe\u3067\u304d\u308c\u3070\u7121\u7ddaLAN\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u5f37\u5316\u306b\u3064\u306a\u304c\u308b\u3060\u3051\u3067\u306a\u304f\u3001\u30a8\u30f3\u30c9\u30e6\u30fc\u30b6\u5074\u306e\u4f7f\u3044\u52dd\u624b\u3082\u5411\u4e0a\u3059\u308b\u306e\u3067\u306f\u306a\u3044\u304b\u3068\u601d\u3046\uff0e<\/p>\r\n\r\n\r\n","protected":false},"excerpt":{"rendered":"\u4eca\u56de\u306f\u3001FreeRADIUS\u30b5\u30fc\u30d0\u3092\u65e2\u5b58\u306eOpenLDAP\u30b5\u30fc\u30d0\u3068\u9023\u643a\u3055\u305b\u308b\u65b9\u6cd5\u306b\u3064\u3044\u3066\u7d39\u4ecb\u3059\u308b\uff0eLDAP\u30b5\u30fc\u30d0\u305d\u306e\u3082\u306e\u306e\u69cb\u7bc9\u306b\u3064\u3044\u3066\u306f\u307e\u305f\u5225\u306a\u6a5f\u4f1a\u306b\u7d39\u4ecb\u3057\u3088\u3046\u3068\u601d\u3046\uff0e","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[13],"tags":[985,998,75,984],"class_list":{"0":"post-10685","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-sysadmin","7":"tag-ldap","9":"tag-radius","10":"tag-vlan"},"_links":{"self":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/10685","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/comments?post=10685"}],"version-history":[{"count":3,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/10685\/revisions"}],"predecessor-version":[{"id":11329,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/10685\/revisions\/11329"}],"wp:attachment":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/media?parent=10685"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/categories?post=10685"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/tags?post=10685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}