(RADIATOR) (Radiator) AuthAttrDef -> LDAP attribute with ServerChecksPassword
Hugh Irvine
hugh at open.com.au
Tue Jun 22 02:17:13 CDT 2004
Hello Erwin -
You could use two AuthBy LDAP2 clauses like this:
AuthByPolicy ContinueWhileAccept
<AuthBy LDAP2>
    # do the attribute check
    .....
    SearchFilter .......
    .....
</AuthBy>
<AuthBy LDAP2>
    # do the password check
    .....
</AuthBy>
regards
Hugh
On 21 Jun 2004, at 21:35, E J C Boon wrote:
> Hello Everyone,
>
> I'm kinda a newbie in Radiator and need to set up a Radius service which
> can authenticate on LDAP.
> The authentication part is not very hard, the part I have problems with
> is this.
> In the directory which is LDAP enabled the user has an attribute,
> depending on the value of that attribute the user should get access or
> not.
> First authentication by LDAP with ServerChecksPassword
> Then comparison of the LDAP attribute's value.
> I tried to accomplish that with AuthAttrDef city,"leiden",check but
> seems not to work that way because the second value should be a radius
> attribute.
>
> Tried to find examples/known issues on the net but... No luck, only
> thing I found is the LDAPsearchFilter, but that doesn't work with the
> ServerChecksPassword as I found out.
> Any suggestions in which direction I should look?
>
> Below part of the config:
> <Client 127.0.0.1>
> Secret xxxxxxxxxxxxxxx
> </Client>
>
>
> <Handler Realm=/erwin.leidenuniv.nl/>
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername s/\./\_/g
> AcctLogFileName /%L/%m-%y-Realm_Erwin.log
> WtmpFileName /%L/wtmp
> PasswordLogFileName /%L/Realm_Erwin_password.log
> <AuthBy LDAP2>
> FailureBackoffTime 760
> ServerChecksPassword
> Host xxx.xxx.xxx.xxx
> BaseDN o=services
> Scope sub
> PasswordAttr userPassword
> UsernameAttr cn
> AuthAttrDef city,"leiden",check
> Debug 255
> </AuthBy>
> </Handler>
>
>
> Regards,
>
> Erwin
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
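
The two-clause outline from the reply above, filled in as an added example (not part of the original message and not Radiator's shipped configuration). It reuses BaseDN, Scope, UsernameAttr and the city value "leiden" from the question; the host ldap.example.org is a placeholder, and the use of NoCheckPassword to make the first clause a pure attribute check is an assumption to verify against the reference manual for your Radiator version.

```conf
<Handler Realm=/erwin.leidenuniv.nl/>
    RewriteUsername s/^([^@]+).*/$1/

    # Run the clauses in order and stop at the first one that does not
    # accept, so a user must pass BOTH the attribute gate and the bind.
    AuthByPolicy ContinueWhileAccept

    # Stage 1: attribute check only.
    # The search succeeds only if an entry matches the username AND has
    # city=leiden. %0 is replaced by UsernameAttr and %1 by the username.
    <AuthBy LDAP2>
        Host            ldap.example.org    # placeholder host
        BaseDN          o=services
        Scope           sub
        UsernameAttr    cn
        SearchFilter    (&(%0=%1)(city=leiden))
        # Assumption: skip the password comparison in this clause; the
        # password is verified by the directory in stage 2.
        NoCheckPassword
    </AuthBy>

    # Stage 2: password check.
    # The LDAP server verifies the password by binding as the user, so
    # no password attribute is read back by Radiator.
    <AuthBy LDAP2>
        Host            ldap.example.org    # placeholder host
        BaseDN          o=services
        Scope           sub
        UsernameAttr    cn
        ServerChecksPassword
    </AuthBy>
</Handler>
```

A user whose entry lacks city=leiden is not found by stage 1, so the chain ends there and stage 2 never binds with that user's password.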