(RADIATOR) LDAP2/ServerTACACSPLUS help!
mark
mark at dis-europe.nl
Fri Jul 21 08:53:09 CDT 2006
Hello List,
I will give the scheme for my LDAP-server first, it's a simple setup for
an IT helpdesk/support office.
                          dc=test
          ou=group                   ou=Medewerkers(workers)
        /     |     \                  /      |      \
dc=helpdesk dc=support dc=roots   cn=james cn=wilma cn=bill
I want the workers to be able to access routers and switches but with
appropriate authorization schemes. For instance:
This group:
dn: cn=helpdesk,ou=Group,dc=test
objectClass: posixGroup
objectClass: top
objectClass: radiusprofile
cn: helpdesk
gidNumber: 8800
radiusReplyItem: cisco-avpair ="priv-lvl=1"
This user:
dn: cn=James,ou=Medewerkers,dc=test
cn: james
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
sn: Geen
uid: greet
homeDirectory: /tmp
shadowLastChange: 13322
mail: james at test.nl
userPassword: {MD5}
gidNumber: 8800
uidNumber: 8801
What I want to happen is:
AuthByPolicy ContinueWhileAccept
<AuthBy LDAP2>
# get user and group
.....
</AuthBy>
<AuthBy LDAP2>
# check group
.....
SearchFilter (....)
</AuthBy>
And the proper authorization is given!!
I have tried a couple of ways to get it to work but I'm too much of a
novice to make it work.
A little bit more explicit help would be appreciated.
Thanks for the help so far.
Have a nice weekend
Mark
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
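The lookup flow asked about above (find the user, find the group with the same gidNumber, take the group's reply item), modelled in Python as an added example; it is not part of the original post and is not Radiator configuration. The function names and the fail-closed rules (deny on no match, ambiguous match, or a priv-lvl outside 0-15) are assumptions, and the LDIF is the post's own entries trimmed to the attributes used.

```python
import re

# Entries from the post, trimmed; userPassword is elided on the page and omitted here.
LDIF = """\
dn: cn=helpdesk,ou=Group,dc=test
objectClass: posixGroup
cn: helpdesk
gidNumber: 8800
radiusReplyItem: cisco-avpair ="priv-lvl=1"

dn: cn=James,ou=Medewerkers,dc=test
objectClass: posixAccount
cn: james
uid: greet
gidNumber: 8800
"""

def parse_ldif(text):
    """Parse simple 'attr: value' records (no base64 values, no line folding)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def has_class(entry, name):
    return name in entry.get("objectclass", [])

def authorize(entries, uid):
    """Return the privilege level for uid, or None to deny (fail closed)."""
    # Stage 1: exactly one account must match the login name.
    users = [e for e in entries
             if has_class(e, "posixAccount") and uid in e.get("uid", [])]
    if len(users) != 1:
        return None
    gid = users[0].get("gidnumber", [None])[0]
    # Stage 2: exactly one group must carry the user's gidNumber.
    groups = [e for e in entries
              if has_class(e, "posixGroup") and gid in e.get("gidnumber", [])]
    if len(groups) != 1:
        return None
    # Stage 3: accept only a well-formed priv-lvl in the Cisco range 0-15.
    for item in groups[0].get("radiusreplyitem", []):
        m = re.fullmatch(r'cisco-avpair\s*=\s*"priv-lvl=(\d{1,2})"', item.strip())
        if m and int(m.group(1)) <= 15:
            return int(m.group(1))
    return None
```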