(RADIATOR) AuthBy ADSI configuration

DUFOUR Geoffrey Geoffrey.DUFOUR at staff.win.be
Thu Aug 28 04:17:16 CDT 2003


Hello Hugh,

It does not work (I get an Access-Reject).

You will find hereafter DEBUG information for several configurations:

With the "BindString LDAP://myserver/SAMAccountName=%0,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com ..." parameter:

============DEBUG==============

Thu Aug 28 10:38:08 2003: DEBUG: BindString converted to LDAP://myserver/SAMAccountName=geoffrey,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Thu Aug 28 10:38:08 2003: DEBUG: AuthUser converted to geoffrey
Thu Aug 28 10:38:08 2003: DEBUG: Connecting to namespace: LDAP:
Thu Aug 28 10:38:09 2003: DEBUG: Running OpenDSObject on LDAP://myserver/SAMAccountName=geoffrey,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad password" in METHOD/PROPERTYGET "OpenDSObject" at C:/Perl/site/lib/Radius/AuthADSI.pm line 133
Thu Aug 28 10:38:09 2003: DEBUG: Could not get user object: Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad password" in METHOD/PROPERTYGET "OpenDSObject"
Thu Aug 28 10:38:09 2003: INFO: Access rejected for geoffrey: Could not find user

============/DEBUG=============

With:

SearchAttribute SAMAccountName
BindString LDAP://myserver/DC=staff,DC=mycompany,DC=com
AuthUser %0
AuthFlags 0

============DEBUG==============

Thu Aug 28 10:47:43 2003: DEBUG: Handling with ASDI
Thu Aug 28 10:47:43 2003: DEBUG: BindString converted to LDAP://myserver/DC=staff,DC=mycompany,DC=com
Thu Aug 28 10:47:43 2003: DEBUG: AuthUser converted to geoffrey
Thu Aug 28 10:47:43 2003: DEBUG: Starting ADODB search for SAMAccountName = geoffrey
OLE exception from "ADODB.Command": Object or provider is not capable of performing requested operation.
Win32::OLE(0.1601) error 0x800a0cb3in METHOD/PROPERTYGET "" at C:/Perl/site/lib/Radius/AuthADSI.pm line 372
Thu Aug 28 10:47:44 2003: DEBUG: User found at LDAP://CN=DUFOUR Geoffrey, OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Thu Aug 28 10:47:44 2003: DEBUG: Connecting to namespace: LDAP:
Thu Aug 28 10:47:44 2003: DEBUG: Running OpenDSObject on LDAP://CN=DUFOUR Geoffrey,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad password" in METHOD/PROPERTYGET "OpenDSObject" at C:/Perl/site/lib/Radius/AuthADSI.pm line 133
Thu Aug 28 10:47:44 2003: DEBUG: Could not get user object: Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad password" in METHOD/PROPERTYGET "OpenDSObject"
Thu Aug 28 10:47:44 2003: INFO: Access rejected for geoffrey: Could not find user

============/DEBUG==============

Any ideas?

Btw, I can't find any information related to the SearchAttribute parameter in the reference manual. Does that mean that some additional documents are available?

Thanks for your help.

Regards.

Geoffrey
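
Added example, not part of the original message and not Radiator code: a small Python script that extracts the Win32::OLE errors from the second DEBUG trace above and decodes each one as an HRESULT (severity bit, facility, code). It shows that the failing OpenDSObject call carries Win32 error 1326 (logon failure), while the final INFO line reads "Could not find user". The function names and the two-entry lookup table are assumptions made for this example.

```python
import re

# Sample lines taken from the second DEBUG trace in the message above
# (line breaks normalised; nothing else changed).
TRACE = [
    'Thu Aug 28 10:47:43 2003: DEBUG: Starting ADODB search for SAMAccountName = geoffrey',
    'Win32::OLE(0.1601) error 0x800a0cb3in METHOD/PROPERTYGET "" at C:/Perl/site/lib/Radius/AuthADSI.pm line 372',
    'Thu Aug 28 10:47:44 2003: DEBUG: User found at LDAP://CN=DUFOUR Geoffrey, OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com',
    'Win32::OLE(0.1601) error 0x8007052e: "Logon failure: unknown user name or bad password" in METHOD/PROPERTYGET "OpenDSObject" at C:/Perl/site/lib/Radius/AuthADSI.pm line 133',
    'Thu Aug 28 10:47:44 2003: INFO: Access rejected for geoffrey: Could not find user',
]

FACILITIES = {0x7: "FACILITY_WIN32", 0xA: "FACILITY_CONTROL"}
# Lookup table for this example only: the two codes that occur in the trace.
KNOWN = {(0x7, 1326): "ERROR_LOGON_FAILURE", (0xA, 3251): "adErrFeatureNotAvailable"}

OLE_ERR = re.compile(
    r'Win32::OLE\([\d.]+\) error (0x[0-9a-fA-F]{8})'
    r'(?:.*?in METHOD/PROPERTYGET "([^"]*)")?'
    r'(?:.*? line (\d+))?')

def decode_hresult(text):
    """Split a 32-bit HRESULT into severity bit, facility and code."""
    value = int(text, 16)
    facility = (value >> 16) & 0x7FF      # bits 16-26
    code = value & 0xFFFF                 # bits 0-15
    return {"failure": bool(value >> 31),
            "facility": FACILITIES.get(facility, hex(facility)),
            "code": code,
            "name": KNOWN.get((facility, code), "unknown")}

def triage(lines):
    """Return one decoded record per Win32::OLE error found in the trace."""
    findings = []
    for line in lines:
        m = OLE_ERR.search(line)
        if m:
            rec = decode_hresult(m.group(1))
            rec["method"] = m.group(2) or None   # empty string in the log -> None
            rec["source_line"] = int(m.group(3)) if m.group(3) else None
            findings.append(rec)
    return findings

def bind_rejected(lines):
    """True when OpenDSObject itself failed with ERROR_LOGON_FAILURE."""
    return any(r["name"] == "ERROR_LOGON_FAILURE" and r["method"] == "OpenDSObject"
               for r in triage(lines))

if __name__ == "__main__":
    for rec in triage(TRACE):
        print(rec)
    print("OpenDSObject logon failure:", bind_rejected(TRACE))
```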

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Thursday, 28 August 2003 5:26
To: DUFOUR Geoffrey
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) AuthBy ADSI configuration


Hello Geoffrey -

To do what you describe you should change "CN=%0" to  
"samaccountname=%0".

I am not quite sure what your requirements are for VPDN users - can you  
clarify?

For a detailed description of the AuthBy ADSI clause please see section  
6.40 in the Radiator 3.6 reference manual ("doc/ref.html").

regards

Hugh


On Wednesday, Aug 27, 2003, at 23:44 Australia/Melbourne, DUFOUR  
Geoffrey wrote:

> Hello,
>
> I would like to authenticate users using <AuthBy ADSI>. It works fine
> with the following configuration:
>
> BindString LDAP://myserver/CN=%0,OU=Marketing,OU=Employee,DC=staff,DC=mycompany,DC=com
> AuthUser %0
> AuthFlags 0
>
> This configuration sample shows that the username is bound to the CN
> (common name). I need the username to be bound to the attribute
> samaccountname.
>
> In fact I need to allow VPDN users to use the same parameters (username
> and password) both to log on to the domain and for VPDN access.
>
> How can I handle this?
>
> I am quite new to AD, could you please clarify the difference between
> the BindString parameter and the AuthUser parameter.
>
> Regards.
>
> Geoffrey
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.