(RADIATOR) authby LSA - active directory groups

DELORT Stephane Stephane.DELORT at murex.com
Mon Jun 20 08:56:31 CDT 2005


I made some tests in order to round/solve the problem.

Using the included script I can see that my user belongs to the wireless group. Radiator is not able to figure this out and still refuses to authenticate my user even though the wireless group is global.
In my first mail I missed "DomainController mypdc" - updated below.

Regards,
Stéphane


<script.pl>
# the original script can be found at
# http://www.xav.com/perl/site/lib/Win32/NetAdmin.html

    # Name the FILTER_NORMAL_ACCOUNT constant in the import list: an explicit
    # list suppresses the module's default exports.
    use Win32::NetAdmin qw(GetUsers GroupIsMember FILTER_NORMAL_ACCOUNT);

    # Enumerate the normal user accounts known to the domain controller.
    my %hash;
    GetUsers("mypdc", FILTER_NORMAL_ACCOUNT, \%hash)
        or die "GetUsers() failed: $^E";

    # Print every account that is a member of the "wireless" group.
    foreach (keys %hash) {
        if (GroupIsMember("mypdc", "wireless", $_)) {
            print "user $_ ($hash{$_}) belongs to wireless\n";
        }
    }

</script.pl>



-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of DELORT Stephane
Sent: Monday, June 20, 2005 11:49
To: radiator at open.com.au
Cc: ZOUAIN Fatek
Subject: (RADIATOR) authby LSA - active directory groups


Dear list members,

I am currently using Radiator with PEAP and MSCHAP-V2, authenticating against AD.
I would like to use the group feature of LSA but I do not know how to make it work.

Following the reference manual, I have in my config file:

...
<Handler TunneledByPeap=1>
	<AuthBy LSA>
		Domain mydomain.com
		EAPType MSCHAP-V2
		Group wireless
		#also tried "Group Domain wireless"
		DomainController mypdc
	</AuthBy LSA>  
</Handler>


In the log file, Radiator recorded:
...
Raduis::AuthLSA REJECT, AuthBy LSA User is not a member of any group
...

The problem is that my user IS a member of the wireless group!

Has anyone tried this feature?

Kind regards,
Stéphane

 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
