(RADIATOR) LDAP2/ServerTACACSPLUS help!

Hugh Irvine hugh at open.com.au
Sat Jul 22 19:29:27 CDT 2006


Hello Mark -

Can you please explain to me in detail the relationships that you are  
showing below?

regards

Hugh


On 21 Jul 2006, at 23:53, mark wrote:

> Hello List,
>
> I will give the scheme for my LDAP-server first, it's a simple setup for
> an IT helpdesk/support office.
>
>                            dc=test
>
>           ou=group                      ou=Medewerkers(workers)
>        /     |      \                  /       |       \
> dc=helpdesk  dc=support  dc=roots   cn=james  cn=wilma  cn=bill
>
> I want the workers to be able to access routers and switches but with
> appropriate authorization schemes, for instance:
>
> This group:
>
> dn: cn=helpdesk,ou=Group,dc=test
> objectClass: posixGroup
> objectClass: top
> objectClass: radiusprofile
> cn: helpdesk
> gidNumber: 8800
> radiusReplyItem: cisco-avpair ="priv-lvl=1"
>
> this user:
>
> dn: cn=James,ou=Medewerkers,dc=test
> cn: james
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: inetOrgPerson
> sn: Geen
> uid: greet
> homeDirectory: /tmp
> shadowLastChange: 13322
> mail: james at test.nl
> userPassword: {MD5}
> gidNumber: 8800
> uidNumber: 8801
>
> What I want to happen is:
>
> AuthByPolicy ContinueWhileAccept
>
>         <AuthBy LDAP2>
>                 # get user and group
>                 .....
>         </AuthBy>
>
>         <AuthBy LDAP2>
>                 # check group
>                 .....
>                 SearchFilter (....)
>         </AuthBy>
>
> And the proper authorization is given!!
>
> I have tried a couple of ways to get it to work but I'm too much of a
> novice to make it work.
>
> A little bit more explicit help would be appreciated.
>
> Thanks for the help so far.
>
> Have a nice weekend
>
> Mark
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
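
Added example, not part of the original message and not Radiator code or configuration: a Python model of the two-stage lookup the quoted post describes, run over the two entries from that post (password omitted). It assumes the user-to-group relationship is the shared gidNumber, which the thread does not confirm; the function names are hypothetical. Any missing or ambiguous match yields no reply items, so no privilege level is handed out by default.

```python
import re

# Entries taken from the quoted post (password omitted), used as sample data.
LDIF = """\
dn: cn=helpdesk,ou=Group,dc=test
objectClass: posixGroup
objectClass: radiusprofile
cn: helpdesk
gidNumber: 8800
radiusReplyItem: cisco-avpair ="priv-lvl=1"

dn: cn=James,ou=Medewerkers,dc=test
objectClass: posixAccount
cn: james
uid: greet
gidNumber: 8800
uidNumber: 8801
"""

def parse_ldif(text):
    """Parse unfolded 'attr: value' LDIF into a list of {attr: [values]}."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def reply_items_for(uid, entries):
    """Stage 1: find the user by uid. Stage 2: find the posixGroup with the
    same gidNumber (assumed link). Returns None (reject) on any ambiguity."""
    users = [e for e in entries if "posixAccount" in e.get("objectclass", [])
             and uid in e.get("uid", [])]
    if len(users) != 1:
        return None
    gids = users[0].get("gidnumber", [])
    groups = [e for e in entries if "posixGroup" in e.get("objectclass", [])
              and e.get("gidnumber") == gids]
    if len(groups) != 1:
        return None
    items = []
    for raw in groups[0].get("radiusreplyitem", []):
        m = re.fullmatch(r'\s*([\w-]+)\s*=\s*"(.*)"\s*', raw)
        if m is None:          # malformed reply item: fail closed
            return None
        items.append((m.group(1), m.group(2)))
    return items
```

Note that the lookup key for this user is the uid value `greet`, not the cn `james`, because that is what the entry in the post contains.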

