(RADIATOR) ADSI && userIsInGroup

Hugh Irvine hugh at open.com.au
Tue Dec 23 16:43:01 CST 2003


Hello Mario -

My apologies - I did not realise that my suggestion would not work.

You might also be able to use the AuthBy LDAP2 clause instead of AuthBy 
ADSI, and define a SearchFilter that will also check the group.

You will need to define a different AuthBy LDAP2 clause for each case 
and use the AuthBy FILE to call them as I showed previously.

See section 6.35 in the Radiator 3.7.1 reference manual for details.

regards

Hugh


On 24/12/2003, at 9:01 AM, Mike McCauley wrote:

> Hello Mario,
>
>
>
> ----------  Forwarded Message  ----------
>
>
> Begin forwarded message:
>> From: "Mario Lopez" <mario at openlink.es>
>> Date: 23 December 2003 1:39:38 PM
>> To: <radiator at open.com.au>
>> Cc: <mikem at open.com.au>
>> Subject: (RADIATOR) ADSI && userIsInGroup
>>
>> Hi,
>>
>> I have been trying to make a per-user group authentication work
>> with Radiator and have been unsuccessful. Checking the source code, I
>> have read the following comment in AuthADSI.pm in the Radius directory,
>> in the comments of the "userIsInGroup" function.
>>
>> # Check if the user is in the group
>> # $user is a user name and $group is a group name
>> # REVISIT: not working properly yet: cant get the results
>> # of IsMember
>>
>> Does this mean that this issue is not working right now?!!!
>
>
> That is correct: it is currently not available.
>
>
>>
>> I am using the following configuration:
>>
>> <AuthBy ADSI>
>> 	BindString LDAP://dc=openlink,dc=es
>> 	SearchAttribute userPrincipalName
>> 	AuthUser  %0
>> 	AuthFlags 0
>>
>> 	GroupBindString LDAP://cn=%0,ou=GruposDeAcceso,dc=openlink,dc=es
>> 	GroupUserBindString LDAP://cn=%1,cn=clientes,dc=openlink,dc=es
>> </AuthBy>
>>
>> <AuthBy FILE>
>> 	Identifier Usuarios
>> </AuthBy>
>>
>> <Handler Realm=openlink.es>
>> 	AuthBy Usuarios
>> </Handler>
>>
>>
>> And the "usuarios file" is this one:
>>
>> DEFAULT Auth-Type=ADSI, Group="OpenLink-128-128"
>>         WISPr-Bandwidth-Max-Down = 131072,
>>         WISPr-Bandwidth-Max-Up = 131072
>>
>> Any suggestions of what I could do?
>>
>> I have the following Active Directory schema: two OUs named "Clientes"
>> and "GruposDeAcceso". Users are in the "Clientes" OU, and access groups
>> that determine specific VSA sending are in "GruposDeAcceso" VSA.
>>
>> Any idea?
>>
>> Perhaps using proxy to another RADIUS?
>>
>> I am starting to get desperate.
>>
>> P.S.: Please do not tell me to read section 6.4 of ref.html. I have read
>> it and reread it, followed the examples in ref.html and in the goodies
>> directory, and I cannot get it to work.
>>
>> Thanks!
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
> -------------------------------------------------------
>
> -- 
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
>
>
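
The SearchFilter suggestion at the top of this message, sketched in Python as an added example (not code from this thread or from Radiator): it builds one LDAP filter per access group and escapes the user name per RFC 4515, so a name containing filter metacharacters cannot widen the match past the group check. The `memberOf` attribute, the function names and the sample user are assumptions; the DNs come from the configuration quoted above.

```python
import re

# Base DN of the access groups, taken from the GroupBindString quoted above.
GROUP_BASE = "ou=GruposDeAcceso,dc=openlink,dc=es"

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Group names come from the users file; accept only a conservative alphabet
# so they can be placed in a DN without further quoting (assumed policy).
_GROUP_NAME = re.compile(r"[A-Za-z0-9_-]+")


def escape_filter_value(value):
    """Escape a string for use as an LDAP filter value (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def group_filter(username, group, user_attr="userPrincipalName"):
    """Return a filter matching `username` only if it is a member of `group`.

    Assumes user entries carry a memberOf attribute holding group DNs,
    as Active Directory user objects do.
    """
    if not _GROUP_NAME.fullmatch(group):
        raise ValueError("unexpected characters in group name: %r" % group)
    group_dn = "cn=%s,%s" % (group, GROUP_BASE)
    # An unescaped "*" in the user name would act as a wildcard and match
    # any member of the group, so the supplied name is always escaped.
    return "(&(%s=%s)(memberOf=%s))" % (
        user_attr,
        escape_filter_value(username),
        escape_filter_value(group_dn),
    )


def filters_for_groups(username, groups):
    """One filter per access group, mirroring one LDAP clause per case."""
    return {g: group_filter(username, g) for g in groups}


if __name__ == "__main__":
    # Constructed sample user; the group name is the one from the users file.
    for name, flt in filters_for_groups("alice@openlink.es",
                                        ["OpenLink-128-128"]).items():
        print(name, flt)
```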
