(RADIATOR) authby LSA - active directory groups

Mike McCauley mikem at open.com.au
Mon Jun 20 19:19:22 CDT 2005


Hello Stephane,

When you run your test script, exactly what user name does it print out as 
belonging to the wireless group?

Radiator checks for group membership using just the user name without any 
associated domain.

Cheers.

On Monday 20 June 2005 23:56, DELORT Stephane wrote:
> I made some tests in order to round/solve the problem.
>
> Using the included script I can see that my user belongs to the wireless
> group. Radiator is not able to figure this out and still refuses to
> authenticate my user even though the wireless group is global. In my first
> mail I missed "DomainController mypdc" - updated below.
>
> Regards,
> Stéphane
>
>
> <script.pl>
> # the original script can be found at
> # http://www.xav.com/perl/site/lib/Win32/NetAdmin.html
>
>     use Win32::NetAdmin qw(GetUsers GroupIsMember
>                            UserGetAttributes UserSetAttributes);
>
>     my %hash;
>     GetUsers("mypdc", FILTER_NORMAL_ACCOUNT , \%hash)
>         or die "GetUsers() failed: $^E";
>
>     foreach (keys %hash) {
>         my ($password, $passwordAge, $privilege,
>             $homeDir, $comment, $flags, $scriptPath);
>         if (GroupIsMember("mypdc", "wireless", $_)) {
>             print "user $_ ($hash{$_}) belongs to wireless\n";
>         }
>     }
>
> </script.pl>
>
>
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
> behalf of DELORT Stephane
> Sent: Monday 20 June 2005 11:49
> To: radiator at open.com.au
> Cc: ZOUAIN Fatek
> Subject: (RADIATOR) authby LSA - active directory groups
>
>
> Dear list members,
>
> I am currently using Radiator with PEAP and MSCHAP-V2, authenticating
> against AD. I would like to use the group feature of LSA but I do not know
> how to make it work.
>
> Following the reference manual, I have in my config file:
>
> ...
> <Handler TunneledByPeap=1>
> 	<AuthBy LSA>
> 		Domain mydomain.com
> 		EAPType MSCHAP-V2
> 		Group wireless
> 		#also tried "Group Domain wireless"
> 		DomainController mypdc
> 	</AuthBy LSA>
> </Handler>
>
>
> In the log file, Radiator recorded:
> ...
> Raduis::AuthLSA REJECT, AuthBy LSA User is not a member of any group
> ...
>
> The problem is that my user IS a member of the wireless group!
>
> Has anyone tried this feature?
>
> Kind regards,
> Stéphane
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
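
Added example, not part of the original messages and not Radiator's own code: a Windows-only diagnostic that reduces an identity to the bare user name, as the reply above says the group check uses, and tests it against the group on the domain controller. The `bare_user` helper, its stripping rules and the sample identities are assumptions for illustration; `mypdc` and `wireless` are the values from the quoted configuration.

```perl
#!/usr/bin/perl
# Added diagnostic example. Windows only: requires Win32::NetAdmin.
use strict;
use warnings;
use Win32::NetAdmin qw(GroupIsMember LocalGroupIsMember);

# Values taken from the configuration quoted in the thread.
my $server = 'mypdc';       # DomainController
my $group  = 'wireless';    # Group

# Hypothetical helper: reduce an identity to the bare account name by
# dropping a leading "DOMAIN\" prefix and a trailing "@realm" suffix.
sub bare_user {
    my ($identity) = @_;
    (my $user = $identity) =~ s/^[^\\]*\\//;   # DOMAIN\user -> user
    $user =~ s/\@[^\@]*$//;                    # user@realm  -> user
    return $user;
}

# Constructed sample identities; pass real ones on the command line.
my @identities = @ARGV
    ? @ARGV
    : ('MYDOMAIN\\stephane', 'stephane@mydomain.com', 'stephane');

for my $identity (@identities) {
    my $user = bare_user($identity);

    # Check both group scopes: a global (domain) group and a local group
    # of the same name are looked up by different calls.
    my $global = GroupIsMember($server, $group, $user)      ? 'yes' : 'no';
    my $local  = LocalGroupIsMember($server, $group, $user) ? 'yes' : 'no';

    printf "%-26s -> %-10s global=%s local=%s\n",
        $identity, $user, $global, $local;
}
```

If the bare name reports `no` while a domain-qualified form of the same account reports `yes` in other tools, the mismatch is in the name being looked up rather than in the group membership itself.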
