(RADIATOR) Auth-Type and LDAP

Enrique Diez Enrique.Diez at dvc.es
Mon Jan 27 07:24:27 CST 2003


Hi All,
I would like to know if there is an LDAP-Attribute (customized or
standardized) in order to define the kind of authentication required for a
user entry.
For example, a user LDAP entry can be validated by the Radiator Radius
Server via /etc/unix/password or a remote radius or ACE/SERVER according to
the value of an "Auth-type" LDAP attribute.
Another question is: where can I get the Perl script for installing the
Authen-ACE module? I would like to test interoperability with ACE/SERVER.

Can I get some help from this marvellous mailing list:))

Regards,
Enrique

-----Original Message-----
From: Enrique Diez Fernandez [mailto:enrique.diez at dvc.es]
Sent: Friday, 24 January 2003 20:03
To: radiator at open.com.au
Subject:

Hi All,
I am trying to configure my radiator radius server in order to check an ldap
entry and verify an attribute of that server.
I want to check if the attribute "authmethod" value is "ace" or "none". In
case of "ace", I want the server to reject the authentication request.
The configuration of the server is below:
"       <AuthBy LDAP2>
                Host            192.168.70.134
                Port            389
                AuthDN cn=Directory Manager
#               AuthPassword    yourADadminpasswordhere
                AuthPassword    qwerty123
                BaseDN          ou=area3,o=davinci,st=Madrid,c=es
                UsernameAttr uid
                PasswordAttr userPassword
                AuthAttrDef     authmethod,NO-ACE-Server,check
        </AuthBy>
".

I have added to the user config file the line:
 DEFAULT NO-ACE-Server = "none".

I have added to the "Check items" in the dictionary file the following line:
" ATTRIBUTE     NO-ACE-Server           90480019        string"

When I tried to access with the user = Albertoj, whose authmethod value =
ace, I would like to get an accept-request response from the radius but I
got the following debug:
" Code:       Access-Request
Identifier: 2
Authentic:        1043434427
Attributes:
        User-Name = "albertoj"
        User-Password =
"oPW<204><169><11>1f<23>=<164><26><29><224><182><179>"

Fri Jan 24 19:53:47 2003: DEBUG: Handling request with Handler 'Realm='
Fri Jan 24 19:53:47 2003: DEBUG:  Deleting session for albertoj,
192.168.70.11

Fri Jan 24 19:53:47 2003: DEBUG: Handling with Radius::AuthLDAP2:
Fri Jan 24 19:53:47 2003: INFO: Connecting to 192.168.70.134, port 389
Fri Jan 24 19:53:47 2003: INFO: Attempting to bind with cn=Directory
Manager,
erty123 (server 192.168.70.134:389)
Fri Jan 24 19:53:47 2003: DEBUG: LDAP got result for cn=Alberto
Juarez,ou=area
o=davinci,st=Madrid,c=es
Fri Jan 24 19:53:47 2003: DEBUG: LDAP got userPassword:
{SSHA}VpP5xc7VlLwrp0mF
5kaCC6eGPuPU8wq34ffw==
Fri Jan 24 19:53:47 2003: DEBUG: LDAP got authmethod: ace
Fri Jan 24 19:53:47 2003: DEBUG: Radius::AuthLDAP2 looks for match with
albert

Fri Jan 24 19:53:47 2003: DEBUG: Radius::AuthLDAP2 REJECT: Check item
NO-ACE-S
ver expression 'ace' does not match '' in request
Fri Jan 24 19:53:47 2003: INFO: Connecting to 192.168.70.134, port 389
Fri Jan 24 19:53:47 2003: INFO: Attempting to bind with cn=Directory
Manager,
erty123 (server 192.168.70.134:389)
Fri Jan 24 19:53:47 2003: DEBUG: No entries for DEFAULT found in LDAP
database
Fri Jan 24 19:53:47 2003: INFO: Access rejected for albertoj: Check item
NO-AC
Server expression 'ace' does not match '' in request
Fri Jan 24 19:53:47 2003: DEBUG: Packet dump:
*** Sending to 192.168.70.116 port 1221 ....
Code:       Access-Reject
Identifier: 2
Authentic:        1043434427
Attributes:
        Reply-Message = "Request Denied""


Is there anything I am missing?

Any documentation about the LDAP documentation checks?

Regards,
Enrique

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
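
Added example, not part of the original post and not Radiator code: a simplified Python model of how the trace above treats an AuthAttrDef entry of type check, with the value read from LDAP as the expected expression and the attribute in the request as the value tested. Only exact matching is modelled; the function names and sample data are assumptions constructed from the values visible in the post.

```python
# Added illustration: a simplified model of AuthAttrDef "check" handling,
# inferred from the debug trace in the post. Not Radiator source code.

def parse_authattrdef(config_text):
    """Return (ldap_attr, radius_attr, kind) tuples from AuthAttrDef lines."""
    defs = []
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("#") or not line.startswith("AuthAttrDef"):
            continue
        parts = [p.strip() for p in line.split(None, 1)[1].split(",")]
        if len(parts) != 3:
            raise ValueError("expected ldapattr,radiusattr,type: " + line)
        defs.append(tuple(parts))
    return defs

def evaluate(defs, ldap_entry, request):
    """Model only exact-match check items; returns (accepted, reason)."""
    for ldap_attr, radius_attr, kind in defs:
        if kind != "check" or ldap_attr not in ldap_entry:
            continue
        expected = ldap_entry[ldap_attr]       # value read from the directory
        actual = request.get(radius_attr, "")  # value sent by the client
        if expected != actual:
            return False, ("Check item %s expression '%s' does not match "
                           "'%s' in request" % (radius_attr, expected, actual))
    return True, "all check items matched"

# Constructed sample data mirroring the values visible in the post.
CONFIG = """
    UsernameAttr uid
    AuthAttrDef     authmethod,NO-ACE-Server,check
"""
LDAP_ENTRY = {"uid": "albertoj", "authmethod": "ace"}
REQUEST = {"User-Name": "albertoj"}   # no NO-ACE-Server attribute is sent

if __name__ == "__main__":
    defs = parse_authattrdef(CONFIG)
    print(evaluate(defs, LDAP_ENTRY, REQUEST))
    # In this model an entry with authmethod "none" is rejected as well,
    # because the request still has an empty value for NO-ACE-Server.
    print(evaluate(defs, dict(LDAP_ENTRY, authmethod="none"), REQUEST))
```

In this model the outcome depends on what the client sends in the request, not on a DEFAULT line in a users file, which matches the "does not match '' in request" message in the trace.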

