(RADIATOR) <AuthBy LDAP2> and Group membership checks?
Muhammed, Rafi
Rafi.Muhammed at oxygenforbusiness.com
Thu Sep 1 22:46:18 CDT 2005
Hi
I have this working successfully with the following config. Hope it is
useful.
<Realm blahblah>
RewriteUsername s/^([^@]+).*/$1/
<AuthBy LDAP2>
Identifier xxxLDAP
Host xx.xx.xx.xx
Port 389
AuthDN cn=someacct,cn=Users,dc=xxxnet,dc=net
AuthPassword somepasswd
BaseDN ou=XXX Users,dc=xxxnet,dc=net
ServerChecksPassword
UsernameAttr sAMAccountName
SearchFilter (&(%0=%1)(memberOf=CN=somegroup,OU=Security,OU=Groups,DC=xxxnet,DC=net))
</AuthBy>
# Log accounting to the detail file in LogDir
AcctLogFileName %L\XXX\%Y%m.log
</Realm>
Thanks and Regards
Rafi Muhammed
Network & Security Architect
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Hugh Irvine
Sent: Wednesday, 31 August 2005 12:13 p.m.
To: Jan Tomasek
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) <AuthBy LDAP2> and Group membership checks?
Hello Jan -
You can use two AuthBy LDAP2 clauses with an AuthByPolicy:
.....
AuthByPolicy ContinueWhileAccept
# check password
<AuthBy LDAP2>
.....
</AuthBy>
# check Group
<AuthBy LDAP2>
.....
</AuthBy>
.....
regards
Hugh
On 30 Aug 2005, at 17:52, Jan Tomasek wrote:
> Hello,
>
> I need to set up Radiator to authenticate users against LDAP (I need just
> plain RADIUS, i.e. no EAP stuff). That is a piece of cake with Radiator :)
> But! Every successfully authenticated user has to be a member of group
> 'cn=somegroup, ou=Groups, dc=cesnet, dc=cz'.
>
> SearchFilter allows me to check attributes in the user's own entry, but not
> membership of that user in some group. Is there any way to do it in some
> simple way? I'm running version 3.12 with patch 498.
>
> Thanks
> --
> --------------------------------------------------------------
> Jan Tomasek aka Semik work: CESNET, z.s.p.o.
> http://www.tomasek.cz/ Zikova 4, 160 00 Praha 6
> Czech Republic
> phone(work): +420 2 2435 5279 http://www.cesnet.cz/
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
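
Added example, not part of the original thread and not Radiator code: a small Python model of how the posted RewriteUsername and SearchFilter decide whether the search returns an entry, which is what lets members of somegroup through and nobody else. The directory entries, the "subgroup" DN, the RFC 4515 escaping step and the simplified matching are assumptions of this example, and the entries follow the Active Directory convention that memberOf lists direct groups only.

```python
import re

# Group DN and SearchFilter as in the posted config
GROUP = "CN=somegroup,OU=Security,OU=Groups,DC=xxxnet,DC=net"
SEARCH_FILTER = "(&(%0=%1)(memberOf=" + GROUP + "))"

def rewrite_username(name):
    # Same substitution as RewriteUsername s/^([^@]+).*/$1/ (drops "@realm")
    return re.sub(r"^([^@]+).*", r"\1", name, count=1)

def escape_value(value):
    # RFC 4515 escaping, added by this example so the name stays a plain value
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand_filter(username):
    # %0 becomes UsernameAttr, %1 becomes the (rewritten) user name
    return SEARCH_FILTER.replace("%0", "sAMAccountName").replace("%1", escape_value(username))

def parse(f, i=0):
    # Minimal RFC 4515 parser: (&..), (|..), (!..) and (attr=value) only
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    j = f.index(")", i)
    attr, _, val = f[i + 1:j].partition("=")
    val = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), val)
    return ("=", attr.lower(), val.lower()), j + 1

def matches(node, entry):
    if node[0] == "=":  # simplified case-insensitive string comparison
        return node[2] in (v.lower() for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    return not results[0] if node[0] == "!" else (all if node[0] == "&" else any)(results)

# Constructed directory entries (attribute names lower-cased for lookup)
DIRECTORY = {
    "CN=Alice,OU=XXX Users,DC=xxxnet,DC=net": {"samaccountname": ["alice"], "memberof": [GROUP]},
    "CN=Bob,OU=XXX Users,DC=xxxnet,DC=net": {"samaccountname": ["bob"], "memberof": []},
    # carol is only in a group nested inside somegroup, so memberOf does not list GROUP
    "CN=Carol,OU=XXX Users,DC=xxxnet,DC=net": {
        "samaccountname": ["carol"],
        "memberof": ["CN=subgroup,OU=Security,OU=Groups,DC=xxxnet,DC=net"]},
}

def search(raw_username):
    # An empty result means no entry to bind as, so the request is not accepted
    tree, _ = parse(expand_filter(rewrite_username(raw_username)))
    return [dn for dn, entry in DIRECTORY.items() if matches(tree, entry)]
```
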