Fwd: (RADIATOR) ADSI && userIsInGroup

Mike McCauley mikem at open.com.au
Tue Aug 24 01:15:15 CDT 2004


Hello Mike,

thanks for your note.

We have now posted a patch that fixes this problem and lets you use per-user 
check items with AuthBy ADSI, in the form

	Group="CN=group name"

You should note that AuthBy ADSI always has supported (and still supports) the 
ability to force a group check on _every_ user authenticated with that AuthBy 
ADSI clause, using the CheckGroup parameter (see the example config file 
adsi.cfg for syntax). 

The new support added by this patch allows you to make this check on a 
per-user basis too. The GroupBindString and GroupUserBindString parameters 
are now obsolete.

The patch is in the latest Radiator 3.9 patch set.

Hope that helps.
Cheers.

On Tuesday 24 August 2004 01:31, Petrusis, Mike wrote:
> We recently purchased Radiator 3.9 and I notice that this comment is still
> in AuthADSI.pm, does this mean the problem is still not fixed?
>
> If not any ideas on when it might be fixed?
>
>
> ----------  Forwarded Message  ----------
> • From: Mike McCauley
> • Subject: Fwd: (RADIATOR) ADSI && userIsInGroup
> • Date: Tue, 23 Dec 2003 15:16:10 -0800
> ________________________________________
> Hello Mario,
>
>
>
> ----------  Forwarded Message  ----------
>
> Begin forwarded message:
> > From: "Mario Lopez" <[EMAIL PROTECTED]>
> > Date: 23 December 2003 1:39:38 PM
> > To: <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Subject: (RADIATOR) ADSI && userIsInGroup
> >
> > Hi,
> >
> >       I have been trying to make a per-user group authentication work
> > with Radiator and have been unsuccessful. Checking the source code, I have
> > read the following comment in AuthADSI.pm in the Radius directory, in the
> > comments of the "userIsInGroup" function.
> >
> > # Check if the user is in the group
> > # $user is a user name and $group is a group name
> > # REVISIT: not working properly yet: cant get the results
> > # of IsMember
> >
> > Does this mean that this issue is not working right now?!!!
>
> That is correct: it is currently not available.
>
> > I am using the following configuration:
> >
> > <AuthBy ADSI>
> >       BindString LDAP://dc=openlink,dc=es
> >       SearchAttribute userPrincipalName
> >       AuthUser  %0
> >       AuthFlags 0
> >
> >       GroupBindString LDAP://cn=%0,ou=GruposDeAcceso,dc=openlink,dc=es
> >       GroupUserBindString LDAP://cn=%1,cn=clientes,dc=openlink,dc=es
> > </AuthBy>
> >
> > <AuthBy FILE>
> >       Identifier Usuarios
> > </AuthBy>
> >
> > <Handler Realm=openlink.es>
> >       AuthBy Usuarios
> > </Handler>
> >
> >
> > And the "usuarios file" is this one:
> >
> > DEFAULT Auth-Type=ADSI, Group="OpenLink-128-128"
> >         WISPr-Bandwidth-Max-Down = 131072,
> >         WISPr-Bandwidth-Max-Up = 131072
> >
> > Any suggestions of what I could do?
> >
> > I have the following Active Directory schema: two OUs named "Clientes" and
> > "GruposDeAcceso". Users are in the "Clientes" OU, and access groups that
> > determine specific VSA sending are in "GruposDeAcceso" VSA.
> >
> > Any idea?
> >
> > Perhaps using proxy to another RADIUS?
> >
> > I am starting to get desperate.
> >
> > P.S.: Please do not tell me to read section 6.4 in ref.html. I have read it
> > and reread it, followed the examples in ref.html and in the goodies directory,
> > and I cannot get it to work.
> >
> > Thanks!
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
> -------------------------------------------------------

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
