(RADIATOR) Multiple authenticators - different attributes to return ...

Dunster, Jon Jon.Dunster at chichester.ac.uk
Mon Jun 21 05:03:06 CDT 2004


I thought that we tried this before and the attributes never got returned ?

I will try again though.

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: 18 June 2004 08:46
To: Dunster, Jon
Cc: 'radiator at open.com.au' Mailinglist
Subject: Re: (RADIATOR) Multiple authenticators - different attributes
to return ...



Hello Jon -

You should probably just use an AddToReply in each AuthBy - only the 
one that accepts will have the reply attributes added.

Ie.

	AuthByPolicy ContinueUntilAccept

	<AuthBy LDAP2>
		.....
		AddToReply .....
	</AuthBy>

	<AuthBy ADSI>
		.....
		AddToReply .....
	</AuthBy>

	<AuthBy RADIUS>
		.....
		AddToReply .....
	</AuthBy>

Note that the AuthBy RADIUS clause _must_ be the last one in the list.

regards

Hugh


On 18 Jun 2004, at 00:44, Dunster, Jon wrote:

> In a PEAP environment can anyone give me an idea how I might approach
> returning different attributes dependant on which of the authentication
> methods (ie. LDAP/RADIUS/NDS etc etc) succeeds ?
>
> I've tried the 'continuewhilereject'or similar method listing Authbys 
> and
> whilst that works to authenticate it doesn't work with the return of 
> the
> attributes to the AP.
>
> The idea is that I've two LDAP servers (one for each VLAN, 
> effectively) and
> want to set up the 802.1x PEAP client machine vlan based on which it
> successfully authenticates against.
>
> Any ideas appreciated!
>
> Thanks,
>
> Jon
>
>
>
> -----
> This e-mail and any attachments contain information which is 
> confidential
> and privileged.  The information is intended only for the use of the
> individual or entity to whom it is addressed.  If you are not the 
> intended
> recipient you are hereby notified that any disclosure, copying, 
> distribution
> or the taking of any action in reliance on the contents of this e-mail 
> is
> strictly prohibited.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.



----- 
This e-mail and any attachments contain information which is confidential
and privileged.  The information is intended only for the use of the
individual or entity to whom it is addressed.  If you are not the intended
recipient you are hereby notified that any disclosure, copying, distribution
or the taking of any action in reliance on the contents of this e-mail is
strictly prohibited.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list