Fwd: (RADIATOR) Problem with AuthBy ADSI & GroupUserBindString

Hugh Irvine hugh at open.com.au
Sun Jan 13 21:44:46 CST 2002


Hello Alan -

There is a bug in the AuthADSI.pm module which will be fixed in the next 
release, however in the meantime you can use "%0" instead of "%{User-Name}".

regards

Hugh


> >
> > Subject: (RADIATOR) Problem with AuthBy ADSI & GroupUserBindString
> > Date: Sat, 12 Jan 2002 11:43:54 -0800 (PST)
> > From: Alan Attard <alan.attard at ymcamail.com>
> > To: radiator at open.com.au
> >
> > I'm finding some problems with GroupUserBindString. It seems that it is
> > not replacing %{User-Name} with its value, which is being updated from
> > the PreAuthHook. The %{User-Name} works fine with AuthUser & BindString.
> >
> > Configuration:
> > <Client 10.0.0.1>
> > 	Secret ********
> > 	Identifier PIX_Auth
> > </Client>
> >
> > <AuthBy ADSI>
> > 	Identifier AD_Auth
> >
> > 	BindString LDAP://Radiator/%{User-Name}
> > 	AuthUser %{User-Name}
> > 	AuthFlags 0
> >
> > 	GroupBindString LDAP://Radiator/CN=%0,OU=Govnet,DC=radius,DC=test,DC=com
> > 	GroupUserBindString LDAP://Radiator/%{User-Name}
> >
> > 	DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> > </AuthBy ADSI>
> >
> > <Handler Client-Identifier=PIX_Auth>
> > 	PreAuthHook file:"config/adsi_user.hook"
> >
> > 	<AuthBy FILE>
> > 		Filename config/groups.txt
> > 	</AuthBy>
> > </Handler>
> >
> > Debug:
> > Sat Jan 12 20:12:14 2002: DEBUG: Handling with Radius::AuthFILE:
> > Sat Jan 12 20:12:14 2002: DEBUG: Radius::AuthFILE looks for match with
> >  attaa025 Sat Jan 12 20:12:14 2002: DEBUG: Radius::AuthFILE looks for
> > match with DEFAULT Sat Jan 12 20:12:14 2002: DEBUG: Handling with ASDI
> > Sat Jan 12 20:12:14 2002: DEBUG: BindString converted to
> >  LDAP://Radiator/CN=atta a025,OU=Govnet,DC=radius,DC=test,DC=com
> > Sat Jan 12 20:12:14 2002: DEBUG: AuthUser converted to
> >  CN=attaa025,OU=Govnet,DC= radius,DC=test,DC=com
> > Sat Jan 12 20:12:14 2002: DEBUG: GroupBindString converted to
> >  LDAP://Radiator/CN =FullTimeHTTP,OU=Govnet,DC=radius,DC=test,DC=com
> > Sat Jan 12 20:12:14 2002: DEBUG: GroupUserBindString converted to
> >  LDAP://Radiato r/
> > Sat Jan 12 20:12:14 2002: DEBUG: Radius::AuthFILE REJECT: User attaa025
> > is not i n Group FullTimeHTTP
> >
> >
> > Thanks,
> >
> > Alan Attard
> >
> > _____________________________________________________________
> > YMCAMAIL • YOUR MAIL COMING SOON --->
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> > -------------------------------------------------------

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list