(RADIATOR) LSA and reply attributes

Hugh Irvine hugh at open.com.au
Wed Jun 15 18:52:39 CDT 2005


Hello Jose -

You can add "NoEAP" to the AuthBy LDAP2 clause.

It would probably also make sense to use two separate Handlers as  
shown in some of the examples in "goodies/eap_*.cfg".

regards

Hugh


On 15 Jun 2005, at 22:58, Jose Maria Fernandez wrote:

> Hugh Irvine wrote:
>
>
>>
>> Hello Jose -
>>
>> As the AuthBy LSA clause only does authentication, you will
>> probably need to use an AuthBy LDAP clause as well to get the
>> Profile attribute.
>>
>> Something like this:
>>
>>         AuthByPolicy ContinueAlways
>>
>>         <AuthBy LDAP2>
>>                 # get the Profile attribute
>>                 .....
>>         </AuthBy>
>>
>>         <AuthBy LSA>
>>                 # do the authentication
>>                 .....
>>         </AuthBy>
>>
>>
>> hope that helps
>>
>> regards
>>
>> Hugh
>>
>>
>> On 14 Jun 2005, at 20:00, Jose Maria Fernandez wrote:
>>
>>
>>> Hi all,
>>>
>>> Does anybody know how I can send reply attributes using AuthBy LSA?
>>> We have an extended schema in AD, and one of the extended
>>> attributes is a Profile attribute. We would like to use this attribute
>>> to return a reply attribute Class, in order to assign IPs,
>>> VLANs, etc. in our NASs. We know it is possible using LDAP
>>> authentication, SQL authentication, but we want to use TTLS
>>> (PAP/TTLS, no problem with LDAP) and PEAP too. The best way to use
>>> PEAP is AuthBy LSA, but how about reply attributes...?
>>>
>>> Thanks in advance,
>>>
>>> Jose Maria Fernandez
>>> Universidad de Oviedo
>>>
>>> -- 
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>>
> Hello Hugh,
>
> I was trying to do it the way you say, but the problem I found is
> that the Access-Request is using EAP.
> If I use the AuthBy method in the way you said, the LDAP doesn't
> accept the packet. If I do the LSA first, it finds the EAP and,
> instead of calling the handler again to process the inner method, it
> continues with LDAP2, and the reject occurs again. In LDAP2, I use
> the parameter.
> Do you know how I can do it?
>
> Thanks in advance,
>
> Jose Maria Fernandez
> Universidad de Oviedo
>



-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

