(RADIATOR) Question about AuthBy ADSI

Steve Caporossi capoross at musc.edu
Wed Jul 30 11:29:46 CDT 2003

Layers 8 & 9 prevent me from running Radiator on anything but a Linux 
box, I have no bias. :-)

I am not very familiar with AD.  My understanding is that policies can 
be managed for users, machines, etc.  In our environment, we are mapping 
drives and limiting machines/user rights to resources.  We would like 
for these policies to be passed down from the AD server.

In the meantime...I have been trying to get it working via LDAP2.

Unfortunately, I must be missing something because it does not look like 
AuthBy LDAP 2 is ever being used.

I attached my config and a debug of an attempt to connect from a machine 
logging into the domain.  Can you tell me what I am missing?

Notice that I have the Tunnelled by TTLS and PEAP commented out, *do 
not* have an anonymous user in my password file, but, I can authenticate 
wireless users via TTLS successfully.  Am I mistaken or should this be 
happening? - Just not those trying to authenticate to the domain.


Hugh Irvine wrote:

> Hello Steve -
> You can use the AuthBy RADIUS clause to forward radius requests to a 
> remote radius server. The exact configuration will depend on what else 
> you are already doing in your configuration file. I am not sure I 
> understand what you mean by "domain policies" - can you give me a bit 
> more detail?
> BTW - Radiator runs just fine on W2K server.
> regards
> Hugh
> On Thursday, Jul 24, 2003, at 00:44 Australia/Melbourne, Steve Caporossi 
> wrote:
>> Running radiator on a W2K server does not appear to be an option for 
>> us...I need to forward any domain logins ie, domain\username to a 
>> Windows radius server, but only if they try to login to the domain.  
>> Has anyone done this and would be willing to share their methodology?
>> Can the domain policies be passed down to the machine as well using 
>> AuthBy LDAP, AuthBy Radius or AuthBy NT?   Are there any advantages, 
>> or disadvantages, between these?
>> Thanks,
>> Steve
>> Hugh Irvine wrote:
>>> Hello Steve -
>>> Correct. AuthBy ADSI and the new AuthBy LSA clauses are only 
>>> supported on recent Windows releases.
>>> You can either try the AuthBy NT clause, or you can run an instance 
>>> of Radiator on the Windows host and proxy requests to it.
>>> You will find details on AuthBy NT in section 6.27 of the manual 
>>> ("doc/ref.html").
>>> regards
>>> Hugh
>>> On Wednesday, Jul 23, 2003, at 06:13 Australia/Melbourne, Steve 
>>> Caporossi wrote:
>>>> I am running radiator 3.6 (fully patched) on RH7.3 and need to tie 
>>>> into AD for domain login and username/password checking.  In the 
>>>> reference manual section 6.40 <AuthBy ADSI> it has the statement,
>>>> <snip>
>>>> It is only available on Windows 2000 platforms. It is implemented in 
>>>> AuthADSI.pm"
>>>> </snip>
>>>> I am a little confused...does this mean that radiator needs to be 
>>>> running on W2K?
>>>> Thanks,
>>>> -- 
>>>> Steve
>>>> ===
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>> NB: have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>> -- 
>> Steve Caporossi
>> Network Systems Engineer
>> Center for Computing and Information Technology
>> Medical University of South Carolina
>> 843.876.5083

Steve Caporossi
Network Systems Engineer
Center for Computing and Information Technology
Medical University of South Carolina
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius-confg-trace4.log
URL: <http://www.open.com.au/pipermail/radiator/attachments/20030730/7be9a1be/attachment.ksh>