(RADIATOR) LSA and reply attributes

Jose Maria Fernandez chema at uniovi.es
Wed Jun 15 07:58:45 CDT 2005


Hugh Irvine wrote:

>
> Hello Jose -
>
> As the AuthBy LSA clause only does authentication, you will probably  
> need to use an AuthBy LDAP clause as well to get the Profile attribute.
>
> Something like this:
>
>         AuthByPolicy ContinueAlways
>
>         <AuthBy LDAP2>
>                 # get the Profile attribute
>                 .....
>         </AuthBy>
>
>         <AuthBy LSA>
>                 # do the authentication
>                 .....
>         </AuthBy>
>
>
> hope that helps
>
> regards
>
> Hugh
>
>
> On 14 Jun 2005, at 20:00, Jose Maria Fernandez wrote:
>
>> Hi all,
>>
>> Does anybody know how I can send reply attributes using AuthBy LSA?
>> We have an extended schema in AD, and one of the extended attributes
>> is a Profile attribute. We would like to use this attribute to return a
>> reply attribute Class, in order to assign IPs, VLANs, etc. in our
>> NASs. We know it is possible using LDAP authentication, SQL
>> authentication, but we want to use TTLS (PAP/TTLS, no problem with
>> LDAP) and PEAP too. The best way to use PEAP is AuthBy LSA, but how
>> about reply attributes...?
>>
>> Thanks in advance,
>>
>> Jose Maria Fernandez
>> Universidad de Oviedo
>>
>> -- 
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
Hello Hugh,

I was trying to do it the way you say, but the problem I found is that
the Access-Request is using EAP.
If I use the AuthBy method in the way you said, the LDAP doesn't accept
the packet. If I do the LSA first, it finds the EAP and, instead of
calling the handler again to process the inner method, it continues with
LDAP2, and the reject occurs again. In LDAP2, I use the parameter.
Do you know how I can do it?

Thanks in advance,

Jose Maria Fernandez
Universidad de Oviedo
