(RADIATOR) Reversing a PreAuthHook

Hugh Irvine hugh at open.com.au
Wed Sep 27 03:09:34 CDT 2006


Hello Peter -

I am not an LDAP expert, so you should check with someone who is (or  
find an LDAP reference manual), but my understanding is that you can  
express negation with the "!" character in a search filter. So  
instead of what you show below, it would look more like this:

	(&(%0=%1)(objectClass=inetOrgPerson)(!(groupMembership=cn=RADIUS-Users<snip>)))

You will obviously need to check the syntax and do some testing to  
verify correct operation.

hope that helps

regards

Hugh


On 26 Sep 2006, at 22:37, Peter Bates wrote:

>
> Hello again all...
>
> Responding to my post, tsk tsk.
>
> I realize that the SearchFilter
>
> (&(%0=%1)(objectClass=inetOrgPerson)(groupMembership=cn=RADIUS-Users<snip>))
>
> works... as I was being slightly foxed by the returned 'No such  
> user' when of course that was exactly right.
>
> However, I am still stumped that I am trying to negate the above,  
> and using 'groupMembership!=' is invalid.
>
> I haven't got a nice and simple attribute in my LDAP server (in  
> reality Novell's eDirectory) like 'wirelessaccess=disabled' but I'm  
> just trying
> to find a simple mechanism to allow us to block access to the  
> RADIUS server for 'problem' users.
>
> Any suggestions gratefully received, particularly if I am  
> approaching this the wrong way or a bit back to front!
>
> Peter Bates,
> Systems Support Officer,
> London School of Hygiene & Tropical Medicine.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

