(RADIATOR) DEFAULT user

Hugh Irvine hugh at open.com.au
Mon Feb 25 00:48:29 CST 2002


Hello Stephen -

Use the NoDefault parameter in the AuthBy clauses.

Section 6.17.12 in the Radiator 2.19 reference manual.
("doc/ref.html").

regards

Hugh


On Mon, 25 Feb 2002 17:33, Stephen Davies wrote:
> Hello all,
>
> Can someone please explain how I can stop Radiator checking for DEFAULT after
> getting a reject.
>
> I have two LDAP2 Authby's in my Realm with an AuthbyPolicy of
> ContinueUntilAccepted. Each AuthBy checks a different part of the LDAP
> directory tree.
>
> In my radius debugging I get the following for users that are matched in
> the first AuthBy.
>
> Mon Feb 25 14:08:27 2002: DEBUG: Handling request with Handler 'Realm=brightonline.com.au'
> Mon Feb 25 14:08:27 2002: DEBUG: Rewrote user name to bright
> Mon Feb 25 14:08:27 2002: DEBUG: BrightSession Deleting session for bright, 210.11.137.1, 20971523
> Mon Feb 25 14:08:27 2002: DEBUG: Handling with Radius::AuthLDAP2: Customers
> Mon Feb 25 14:08:27 2002: INFO: Connecting to ldap.brightonline.com.au, port 389
> Mon Feb 25 14:08:27 2002: INFO: Attempting to bind with cn=xxx,dc=brightonline,dc=com,dc=au, XXX(server ldap.brightonline.com.au:389)
> Mon Feb 25 14:08:27 2002: DEBUG: LDAP got result for uid=bright, ou=Customers, ou=People, dc=brightonline, dc=com, dc=au
> Mon Feb 25 14:08:27 2002: DEBUG: Radius::AuthLDAP2 looks for match with bright
> Mon Feb 25 14:08:27 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Mon Feb 25 14:08:27 2002: DEBUG: Access accepted for bright
>
> But if the user exists in the second entry an additional check is made for
> DEFAULT. This is a waste of traffic and resources which I don't want.
>
> Mon Feb 25 14:07:05 2002: DEBUG: Handling request with Handler 'Realm=brightonline.com.au'
> Mon Feb 25 14:07:05 2002: DEBUG: Rewrote user name to dbrown
> Mon Feb 25 14:07:05 2002: DEBUG: BrightSession Deleting session for dbrown, 210.11.137.1, 1234
> Mon Feb 25 14:07:05 2002: DEBUG: Handling with Radius::AuthLDAP2: Customers
> Mon Feb 25 14:07:05 2002: INFO: Connecting to ldap.brightonline.com.au, port 389
> Mon Feb 25 14:07:05 2002: INFO: Attempting to bind with cn=xxx,dc=brightonline,dc=com,dc=au, XXX (server ldap.brightonline.com.au:389)
> Mon Feb 25 14:07:05 2002: DEBUG: No entries for dbrown found in LDAP database
> Mon Feb 25 14:07:05 2002: DEBUG: Radius::AuthLDAP2 looks for match with dbrown
> Mon Feb 25 14:07:05 2002: INFO: Connecting to ldap.brightonline.com.au, port 389
> Mon Feb 25 14:07:05 2002: INFO: Attempting to bind with cn=xxx,dc=brightonline,dc=com,dc=au, XXX (server ldap.brightonline.com.au:389)
> Mon Feb 25 14:07:05 2002: DEBUG: No entries for DEFAULT found in LDAP database
> Mon Feb 25 14:07:05 2002: DEBUG: Handling with Radius::AuthLDAP2: Brighteam
> Mon Feb 25 14:07:05 2002: INFO: Connecting to ldap.brightonline.com.au, port 389
> Mon Feb 25 14:07:05 2002: INFO: Attempting to bind with cn=xxx,dc=brightonline,dc=com,dc=au, XXX (server ldap.brightonline.com.au:389)
> Mon Feb 25 14:07:05 2002: DEBUG: LDAP got result for uid=dbrown, ou=Brighteam, ou=Administration, ou=People, dc=brightonline, dc=com, dc=au
> Mon Feb 25 14:07:05 2002: DEBUG: Radius::AuthLDAP2 looks for match with dbrown
> Mon Feb 25 14:07:05 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Mon Feb 25 14:07:05 2002: DEBUG: Access accepted for dbrown
>
> Thanks in advance.
>
> Stephen Davies

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
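
One way to confirm that NoDefault has taken effect, as an added example that is not part of the original thread or of Radiator: it counts DEFAULT fallback searches per AuthBy identifier in debug output, finding entries by timestamp so that output re-wrapped by a mail client still parses. The function names and the sample text (constructed from the debug output quoted in the message) are assumptions.

```python
import re
from collections import Counter

# One Radiator log entry looks like "Mon Feb 25 14:07:05 2002: DEBUG: message".
# Entries are located by timestamp, not by line, to survive re-wrapping.
ENTRY = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}): "
    r"(?P<level>[A-Z]+): "
)
AUTHBY = re.compile(r"Handling with (\S+): (\S+)")  # module, then Identifier
DEFAULT_MISS = re.compile(r"No entries for DEFAULT found in LDAP database")


def entries(text):
    """Yield (timestamp, level, message), even when entries share a line."""
    text = re.sub(r"^[ \t]*>+ ?", "", text, flags=re.M)  # drop mail quote marks
    text = " ".join(text.split())                         # undo line wrapping
    marks = list(ENTRY.finditer(text))
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        yield cur["ts"], cur["level"], text[cur.end():end].strip()


def default_lookups(text):
    """Count DEFAULT fallback searches per AuthBy identifier."""
    counts, current = Counter(), None
    for _ts, _level, msg in entries(text):
        m = AUTHBY.match(msg)
        if m:
            current = m.group(2)          # AuthBy now handling the request
        elif DEFAULT_MISS.search(msg):
            counts[current or "(unknown AuthBy)"] += 1
    return counts


# Constructed sample: a wrapped excerpt modelled on the quoted debug output.
SAMPLE = """\
> Mon Feb 25 14:07:05 2002: DEBUG: Handling with
> Radius::AuthLDAP2: Customers Mon Feb 25 14:07:05 2002: DEBUG: No entries
> for dbrown found in LDAP database Mon Feb 25 14:07:05 2002: DEBUG:
> No entries for DEFAULT found in LDAP database Mon Feb 25 14:07:05 2002:
> DEBUG: Handling with Radius::AuthLDAP2: Brighteam Mon Feb 25 14:07:05 2002:
> DEBUG: LDAP got result for uid=dbrown, ou=Brighteam, ou=Administration,
> ou=People, dc=brightonline, dc=com, dc=au
"""

if __name__ == "__main__":
    print(dict(default_lookups(SAMPLE)))
```

A non-empty result after NoDefault has been added to an AuthBy clause names the clause that is still falling back to DEFAULT.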

