(RADIATOR) LDAP/ServerTACACSPLUS question
mark at dis-europe.nl
Thu Jul 20 05:44:52 CDT 2006
I am still trying to create a configuration where users
(router/switch/operators) can authenticate and authorize against an LDAP
server. It works now, but not to my satisfaction. All the av-pairs are
in the LDAP user-profile; it would be better if the authorization
was linked at the group level. So, first authenticate and then get the
authorization from the associated group.
From what I've picked up from the list, the AuthBy section in the cfg
should look something like this:
#get user and group
# check group
The thing is, I want none of the info coming from a file but all
of it centralized in the LDAP database.
I know I can log in as a user and as a group; the group login
(with no PasswordAttr) and the group gets the appropriate permissions on the switch/router.
I want to know how I can have two subsequent queries of the LDAP server,
first for the user authentication, and then for the authorization via the properties
of the LDAP group the user belongs to.
Hope you can point me in the right direction.
Archive at http://www.open.com.au/archives/radiator/