(RADIATOR) CLI auth using LDAP

Hugh Irvine hugh at open.com.au
Sat Sep 13 17:39:46 CDT 2003


Hello Deen -

We will need to see a trace 4 debug from Radiator showing what is  
happening.

regards

Hugh


On Sunday, Sep 14, 2003, at 11:04 Australia/Melbourne, deen wrote:

>  
> Hi List,
>  
> What I am trying to do is, authenticate a user CLI appearing in the  
> RADIUS Auth records, against his telephone number residing in LDAP,  
> rather than username/password. I have seen a sample in the ldap.cfg in  
> the goodies directory and was checking. Following is what I have in my  
> cfg file.
>  
> This does not work, and the line drops at authentication. I am using a  
> Cisco AS 5300. Please tell me what I am missing. I have tested the LDAP
> with normal username/password and it works.
>  
> Thanks
>  
>  Deen
>  
>
> <Realm DEFAULT>
>        <AuthBy LDAP2>
>                Host           localhost
>                Port           389
>                Version 3
>
>                AuthDN         cn=Manager,dc=slt,dc=lk
>                AuthPassword    xxx
>
>                # The base DN at which to start the search
>                BaseDN         dc=slt,dc=lk
>                #UsernameAttr   uid
>                #PasswordAttr   userPassword
>
>                #Framed-Protocol = PPP,\
>                #Framed-IP-Netmask = 255.255.255.255,\
>                #Framed-Routing = None,\
>                #Framed-MTU = 1500,\
>                #Framed-Compression = Van-Jacobson-TCP-IP
>
>                ## Old Stuff ##
>                # This will check Calling-Station_id against
>                # LDAP attribute mobile
>                Identifier Check-LDAP-telephoneNumber
>                # Identifier telephoneNumber
>                # Calling-Station-Id is used to search
>                # instead of UsernameAttr and PasswordAttr
>                SearchFilter (telephoneNumber=%{Calling-Station-Id})
>                NoDefaultIfFound
>                AddToReply Framed-Protocol = PPP,\
>                        Service-Type = Framed-User
>                ## Old Stuff ##
>        </AuthBy>
> etc.

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

