(RADIATOR) AuthBy LSA and group membership check

Mike McCauley mikem at open.com.au
Thu Apr 1 15:51:41 CST 2004


Hello Mark,


On Fri, 2 Apr 2004 03:14 am, Motley, Mark wrote:
> Hello,
>
> Right now our production systems use the Authby ADSI to authenticate
> iPass/VPN users against our Active Directory infrastructure.  One of our
> requirements is the ability to verify group membership in order to
> authenticate... in other words, we put iPass/VPN users in an AD group to
> authorize them for access.
>
> Now we are testing 802.11b wireless with PEAP.  I have it working just fine
> with a Cisco Aironet 1200 AP with the AuthBy LSA (I was not able to get it
> working with Authby ADSI because of the MS-CHAPv2 issue).
>
> My question is two-fold:
>
> 1)  Is there any way to check for group membership via the Authby LSA
> module?  I don't think there is... so...

At present, you are correct: AuthBy LSA only checks passwords, not group 
membership.

> 2)  Is there any source and/or API reference for the Win32::LSA Perl
> module? I do not mind modifying the code, as I was the one that submitted
> the group check code for the Authby ADSI module, but without some reference
> points I don't know where to start.

The Win32-Lsa code was developed by us. It uses the Windows API calls 

LsaRegisterLogonProcess
LsaLookupAuthenticationPackage
LsaLogonUser

to validate passwords in a variety of formats.

We may be able to make the source code for this module available to you on a 
strict confidentiality basis, and provided you will make available to us any 
modifications you care to make. We expect that this module will be made 
available publically soon.

Cheers.




>
>
> Thanks in advance....
>
> - MBM
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list