(RADIATOR) Radiator doesn't bind to LDAP
Hugh Irvine
hugh at open.com.au
Tue Feb 21 16:00:20 CST 2006
Hello David -
You should add "NoDefault" to the second AuthBy LDAP2 clause.
.....
<AuthBy LDAP2>
.....
NoDefault
.....
</AuthBy>
......
regards
Hugh
On 22 Feb 2006, at 02:30, David Felipe Rios Rojas wrote:
>
>> -----Original message-----
>> From: Hugh Irvine [mailto:hugh at open.com.au]
>> Sent: Friday, 17 February 2006 05:38 p.m.
>> To: David Felipe Rios Rojas
>> CC: Radiator-List list
>> Subject: Re: (RADIATOR) Radiator doesn't bind to LDAP
>>
>>
>> Hello David -
>>
>> You will need to use two AuthBy LDAP clauses - the first to
>> authenticate the user and get the GroupId, and the second to get the
>> GroupAttributes for the GroupId.
>>
>> Something like this:
>>
>>
>> <Realm ....>
>>
>> AuthByPolicy ContinueWhileAccept
>>
>> <AuthBy LDAP2>
>> # authenticate the user and return the GroupId in the request
>> .......
>> AuthAttrDef GroupId, GroupId, request
>> </AuthBy>
>>
>> <AuthBy LDAP>
>> # get the GroupAttributes for this GroupId
>> ......
>> SearchFilter .....GroupId....
>> AuthAttrDef GroupAttributes, GENERIC, reply
>> </AuthBy>
>>
>> </Realm>
>>
>>
>> The GroupAttributes field will contain the list of attribute=value
>> pairs separated by commas:
>>
>> ..... = ....... , ........ = ........ , ........ = ..........
>>
>>
>> Hope that helps.
>>
>> regards
>>
>> Hugh
>>
>
> Hi Hugh.
>
> I did what you wrote and it's working so well :)
>
> However, we have another problem; I will explain it after
> showing you my config file:
>
> #################################################################
> <Realm DEFAULT>
> AuthByPolicy ContinueWhileAccept
>
> <AuthBy LDAP2>
> RewriteUsername s/^([^@]+).*/$1/
>
> Host xxxxxx
>
> AuthDN cn=root
> AuthPassword xxxxxx
>
> BaseDN %0=%1,ou=xxxxxx,o=xxxxxx,o=xxxxxx
> SearchFilter radiusLoginService=E
>
> UsernameAttr uid
> PasswordAttr userPassword
>
> HoldServerConnection
> Debug 255
> Version 3
>
> AuthAttrDef radiusServiceType,profile,request
> </AuthBy>
>
> <AuthBy LDAP2>
> Host xxxxxx
>
> AuthDN cn=root
> AuthPassword xxxxxx
>
> BaseDN ou=RadiusProfiles,o=xxxxxx,o=xxxxxx
> SearchFilter radiusprofiledn=%{profile}
>
> HoldServerConnection
> Version 3
> Debug 255
>
> AuthAttrDef radiusNasIPAddress, NAS-IP-Address, check
> AuthAttrDef radiusServiceType, Service-Type, reply
> </AuthBy>
> </Realm>
> #################################################################
>
> When "NAS-IP-Address" matches the IP sent by "radpwtst", Radiator
> returns "Service-Type" to the NAS and that's OK; but when "NAS-IP-Address"
> *doesn't* match, Radiator executes the second "AuthBy" clause over and
> over and it doesn't stop.
>
> Thanks in advance
>
> --
> David Rios R.
> Ingenieria de Desarrollo
> Expansion Nuevos Servicios
> Empresas Publicas de Medellin
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
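The two-clause Realm from the thread and the loop David reports, as an added example that is not Radiator's code: a simplified Python model of AuthByPolicy ContinueWhileAccept in which a clause whose lookup fails falls back to DEFAULT, DEFAULT1, ... (my assumption about Radiator's behaviour, which is what NoDefault switches off). The directory entries, the `max_lookups` guard and the function names are constructed for the example.

```python
# Added example, not Radiator's code: a simplified model of AuthByPolicy ContinueWhileAccept
# plus an assumed DEFAULT, DEFAULT1, ... fallback after a failed lookup (see NoDefault below).

DIRECTORY = {  # constructed stand-in for the two LDAP search bases
    "ou=users": [{"uid": "david", "userPassword": "secret", "radiusServiceType": "cn=dialup"}],
    "ou=RadiusProfiles": [{"radiusprofiledn": "cn=dialup", "radiusNasIPAddress": "10.0.0.1",
                           "radiusServiceType": "Framed-User"}],
}

def run_clause(clause, request, reply, max_lookups=20):
    """One AuthBy clause: returns ('ACCEPT' | 'REJECT', usernames looked up)."""
    name, lookups, n = request["User-Name"], [], 0
    while True:
        lookups.append(name)
        hits = [e for e in DIRECTORY[clause["base"]] if clause["filter"](e, name, request)]
        if hits and all(hits[0].get(a) == request.get(r) for a, r in clause.get("check", {}).items()):
            for a, r in clause.get("request", {}).items():
                request[r] = hits[0][a]            # AuthAttrDef ..., request
            for a, r in clause.get("reply", {}).items():
                reply[r] = hits[0][a]              # AuthAttrDef ..., reply
            return "ACCEPT", lookups
        # Not found, or a check item failed: try DEFAULT, DEFAULT1, ... next,
        # unless NoDefault is set or the DEFAULT entry itself was not found.
        if clause.get("NoDefault") or (n and not hits) or len(lookups) >= max_lookups:
            return "REJECT", lookups   # max_lookups only bounds this model
        name, n = ("DEFAULT" if n == 0 else f"DEFAULT{n}"), n + 1

def continue_while_accept(clauses, request):  # AuthByPolicy ContinueWhileAccept
    result, reply, trace = "ACCEPT", {}, []
    for clause in clauses:
        result, lookups = run_clause(clause, request, reply)
        trace.append(lookups)
        if result != "ACCEPT":
            break
    return result, reply, trace

def authenticate(nas_ip, no_default):
    """The thread's Realm: user lookup, then profile lookup by %{profile}."""
    request = {"User-Name": "david", "User-Password": "secret", "NAS-IP-Address": nas_ip}
    clauses = [
        {"base": "ou=users",            # BaseDN uid=%1,ou=... with PasswordAttr userPassword
         "filter": lambda e, name, req: e["uid"] == name and e["userPassword"] == req["User-Password"],
         "request": {"radiusServiceType": "profile"}},
        {"base": "ou=RadiusProfiles",   # SearchFilter radiusprofiledn=%{profile}: ignores the name
         "filter": lambda e, name, req: e["radiusprofiledn"] == req.get("profile"),
         "check": {"radiusNasIPAddress": "NAS-IP-Address"},
         "reply": {"radiusServiceType": "Service-Type"},
         "NoDefault": no_default},
    ]
    return continue_while_accept(clauses, request)
```

With a matching NAS-IP-Address the second clause accepts and returns Service-Type; with a mismatch and no NoDefault the same profile entry is found again for every DEFAULTn name, so only the guard ends the loop, whereas NoDefault rejects after the first lookup.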