(RADIATOR) AuthBy ADSI configuration
DUFOUR Geoffrey
Geoffrey.DUFOUR at staff.win.be
Thu Aug 28 04:17:16 CDT 2003
Hello Hugh,
It does not work (I get an Access-Reject).
You will find hereafter DEBUG information for several configurations :
With the "BindString LDAP://myserver/SAMAccountName=%0,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com ..." parameter :
============DEBUG==============
Thu Aug 28 10:38:08 2003: DEBUG: BindString converted to LDAP://myserver/SAMAccountName=geoffrey,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Thu Aug 28 10:38:08 2003: DEBUG: AuthUser converted to geoffrey
Thu Aug 28 10:38:08 2003: DEBUG: Connecting to namespace: LDAP:
Thu Aug 28 10:38:09 2003: DEBUG: Running OpenDSObject on LDAP://myserver/SAMAccountName=geoffrey,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad
password" in METHOD/PROPERTYGET "OpenDSObject" at C:/Perl/site/lib/Radius/AuthADSI.pm line 133
Thu Aug 28 10:38:09 2003: DEBUG: Could not get user object: Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad password" in METHOD/PROPERTYGET "OpenDSObject"
Thu Aug 28 10:38:09 2003: INFO: Access rejected for geoffrey: Could not find user
============/DEBUG=============
With :
SearchAttribute SAMAccountName
BindString LDAP://myserver/DC=staff,DC=mycompany,DC=com
AuthUser %0
AuthFlags 0
============DEBUG==============
Thu Aug 28 10:47:43 2003: DEBUG: Handling with ASDI
Thu Aug 28 10:47:43 2003: DEBUG: BindString converted to LDAP://myserver/DC=staff,DC=mycompany,DC=com
Thu Aug 28 10:47:43 2003: DEBUG: AuthUser converted to geoffrey
Thu Aug 28 10:47:43 2003: DEBUG: Starting ADODB search for SAMAccountName = geoffrey
OLE exception from "ADODB.Command": Object or provider is not capable of performing requested operation.
Win32::OLE(0.1601) error 0x800a0cb3in METHOD/PROPERTYGET "" at C:/Perl/site/lib/Radius/AuthADSI.pm line 372
Thu Aug 28 10:47:44 2003: DEBUG: User found at LDAP://CN=DUFOUR Geoffrey, OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Thu Aug 28 10:47:44 2003: DEBUG: Connecting to namespace: LDAP:
Thu Aug 28 10:47:44 2003: DEBUG: Running OpenDSObject on LDAP://CN=DUFOUR Geoffrey,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad password" in METHOD/PROPERTYGET "OpenDSObject" at C:/Perl/site/lib/Radius/AuthADSI.pm line 133
Thu Aug 28 10:47:44 2003: DEBUG: Could not get user object: Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad password" in METHOD/PROPERTYGET "OpenDSObject"
Thu Aug 28 10:47:44 2003: INFO: Access rejected for geoffrey: Could not find user
============/DEBUG==============
Any ideas ?
Btw, I can't find any information related to the SearchAttribute parameter in the reference manual. Does that mean that some additional documents are available ?
Thanks for your help.
Regards.
Geoffrey
-----Message d'origine-----
De : Hugh Irvine [mailto:hugh at open.com.au]
Envoyé : jeudi 28 août 2003 5:26
À : DUFOUR Geoffrey
Cc : radiator at open.com.au
Objet : Re: (RADIATOR) AuthBy ADSI configuration
Hello Geoffrey -
To do what you describe you should change "CN=%0" to
"samaccountname=%0".
I am not quite sure what your requirements are for VPDN users - can you
clarify?
For a detailed description of the AuthBy ADSI clause please see section
6.40 in the Radiator 3.6 reference manual ("doc/ref.html").
regards
Hugh
On Wednesday, Aug 27, 2003, at 23:44 Australia/Melbourne, DUFOUR
Geoffrey wrote:
> Hello,
>
> I would like to authenticate users using <AuthBy ADSI>. It works fine
> with the following configuration :
>
> BindString
> LDAP://myserver/
> CN=%0,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=
> com
> AuthUser %0
> AuthFlags 0
>
> This configuration sample shows that the username is bound to the CN
> (common name). I need the username to be bound to the attribute
> samaccountname.
>
> In fact I need to allow VPDN users to use the same parameters (username
> and password) both to log on the domain and for VPDN access.
>
> How can I handle this ?
>
> I am quite new to AD, could you please clarify the difference between
> BindString parameter and AuthUser parameter.
>
> Regards.
>
> Geoffrey
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list