(RADIATOR)

Enrique Diez Enrique.Diez at dvc.es
Fri Jan 24 13:03:21 CST 2003


Hi All,
I am trying to configure my Radiator RADIUS server in order to check an LDAP
entry and verify an attribute of that server.
I want to check if the attribute "authmethod" value is "ace" or "none". In
case of "ace", I want the server to reject the authentication request.
The configuration of the server is below:

        <AuthBy LDAP2>
                Host            192.168.70.134
                Port            389
                AuthDN          cn=Directory Manager
#               AuthPassword    yourADadminpasswordhere
                AuthPassword    qwerty123
                BaseDN          ou=area3,o=davinci,st=Madrid,c=es
                UsernameAttr    uid
                PasswordAttr    userPassword
                AuthAttrDef     authmethod,NO-ACE-Server,check
        </AuthBy>

I have added to the user config file the line:
 DEFAULT NO-ACE-Server = "none"

I have added to the "Check items" in the dictionary file the following line:
" ATTRIBUTE     NO-ACE-Server           90480019        string"

When I tried to access with the user Albertoj, whose authmethod value is
ace, I would like to get an accept-request response from the RADIUS server,
but I got the following debug:
" Code:       Access-Request
Identifier: 2
Authentic:        1043434427
Attributes:
        User-Name = "albertoj"
        User-Password =
"oPW<204><169><11>1f<23>=<164><26><29><224><182><179>"

Fri Jan 24 19:53:47 2003: DEBUG: Handling request with Handler 'Realm='
Fri Jan 24 19:53:47 2003: DEBUG:  Deleting session for albertoj,
192.168.70.11

Fri Jan 24 19:53:47 2003: DEBUG: Handling with Radius::AuthLDAP2:
Fri Jan 24 19:53:47 2003: INFO: Connecting to 192.168.70.134, port 389
Fri Jan 24 19:53:47 2003: INFO: Attempting to bind with cn=Directory
Manager,
erty123 (server 192.168.70.134:389)
Fri Jan 24 19:53:47 2003: DEBUG: LDAP got result for cn=Alberto
Juarez,ou=area
o=davinci,st=Madrid,c=es
Fri Jan 24 19:53:47 2003: DEBUG: LDAP got userPassword:
{SSHA}VpP5xc7VlLwrp0mF
5kaCC6eGPuPU8wq34ffw==
Fri Jan 24 19:53:47 2003: DEBUG: LDAP got authmethod: ace
Fri Jan 24 19:53:47 2003: DEBUG: Radius::AuthLDAP2 looks for match with
albert

Fri Jan 24 19:53:47 2003: DEBUG: Radius::AuthLDAP2 REJECT: Check item
NO-ACE-S
ver expression 'ace' does not match '' in request
Fri Jan 24 19:53:47 2003: INFO: Connecting to 192.168.70.134, port 389
Fri Jan 24 19:53:47 2003: INFO: Attempting to bind with cn=Directory
Manager,
erty123 (server 192.168.70.134:389)
Fri Jan 24 19:53:47 2003: DEBUG: No entries for DEFAULT found in LDAP
database
Fri Jan 24 19:53:47 2003: INFO: Access rejected for albertoj: Check item
NO-AC
Server expression 'ace' does not match '' in request
Fri Jan 24 19:53:47 2003: DEBUG: Packet dump:
*** Sending to 192.168.70.116 port 1221 ....
Code:       Access-Reject
Identifier: 2
Authentic:        1043434427
Attributes:
        Reply-Message = "Request Denied""


Is there anything I am missing?

Any documentation about the LDAP documentation checks?

Regards,
Enrique
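
The check-item comparison reported in the debug output above, as an added example that is not part of the original post and is not Radiator's own code. It is a simplified model that assumes an `AuthAttrDef` entry of type `check` turns the LDAP value into a check item matched exactly against the same-named attribute in the Access-Request; the function names are hypothetical and password verification is left out.

```python
# Simplified model (assumption, not Radiator source): an AuthAttrDef line
# "ldapattr,radiusattr,check" makes the LDAP value a check item that must
# equal the same-named attribute carried in the incoming Access-Request.

def parse_authattrdef(line):
    """Split 'ldapattr,radiusattr,type' into its three fields."""
    ldap_attr, radius_attr, kind = [p.strip() for p in line.split(",")]
    return ldap_attr, radius_attr, kind

def evaluate(authattrdefs, ldap_entry, request):
    """Return (accepted, reason) for check items derived from the LDAP entry."""
    for line in authattrdefs:
        ldap_attr, radius_attr, kind = parse_authattrdef(line)
        if kind != "check" or ldap_attr not in ldap_entry:
            continue
        expected = ldap_entry[ldap_attr]          # value read from LDAP
        actual = request.get(radius_attr, "")     # absent attribute compares as ''
        if expected != actual:
            return False, (f"Check item {radius_attr} expression '{expected}' "
                           f"does not match '{actual}' in request")
    return True, "all check items matched"

# Constructed sample data, using the names and values shown in the post.
AUTHATTRDEFS = ["authmethod,NO-ACE-Server,check"]
REQUEST = {"User-Name": "albertoj"}   # the NAS sends no NO-ACE-Server attribute

def outcome(authmethod, request=REQUEST):
    """Evaluate one LDAP authmethod value against a request."""
    return evaluate(AUTHATTRDEFS, {"authmethod": authmethod}, request)

if __name__ == "__main__":
    # Under this model both values are rejected, because the comparison is
    # against the request, which never carries NO-ACE-Server.
    for value in ("ace", "none"):
        print(value, outcome(value))
```

Under this model the `DEFAULT` line in the users file plays no part in the comparison, which is consistent with the log line "No entries for DEFAULT found in LDAP database".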

