(RADIATOR) Radiator and Active Directory

Gavin Norman gavin.norman at europcar.com.au
Wed Aug 1 18:38:19 CDT 2007


We've managed to have our Radius server authenticate off our Active
Directory infrastructure, even with group memberships. You will find our
original posts at
http://www.nabble.com/forum/ViewPost.jtp?post=10354268&framed=y

We're using the LDAP2 module. Here is the AuthBy context:

<AuthBy LDAP2>
        Identifier AuthByLDAP

        #Debug 255

        # LDAP bind
        Host dc.mydomain.com.au
        HoldServerConnection
        Timeout 4
        Port 3268
        AuthDN cn=Service Account,cn=Users,dc=my,dc=domain,dc=com,dc=au
        AuthPassword servicepass

        # The client authentication
        ServerChecksPassword
        UsernameAttr sAMAccountName
        BaseDN ou=All Users,dc=my,dc=domain,dc=com,dc=au
        AuthAttrDef sAMAccountName,GENERIC,request
        AuthAttrDef memberOf,GENERIC,request
        PostSearchHook file:"%D/hooks/ldap_groups.pl"  
</AuthBy>

Hope this helps.

Gavin Norman
Helpdesk Administrator
 
Europcar Asia-Pacific
  

-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Hugh Irvine
Sent: Thursday, 2 August 2007 8:40 AM
To: kem at cse.psu.edu
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Radiator and Active Directory


Hello Kem -

You would use something like this:


<Handler .....>

	AuthByPolicy ContinueWhileAccept

	<AuthBy LDAP2>
		.....
		SearchFilter .......
		......
	</AuthBy>

	<AuthBy KRB5>
		.....
	</AuthBy>

</Handler>


See section 5.36.15 in the Radiator 3.17.1 reference manual ("doc/ref.html").

regards

Hugh



On 2 Aug 2007, at 01:51, Kem Hartley wrote:

> Hello,
> 	I'm trying to use radiator to authenticate remote access vpn  
> users. Logon credentials are only userid and password.  So a user  
> attempts to log on using their userid, userXYZ with password,  
> somepassword.  I would like radiator to check whether or not  
> userXYZ is a staff or faculty member based on ldap attribute  
> "description".  If the check succeeds, it validates userid and  
> password via AuthBy KRB5.  Is there a way to do this?  I've got the  
> kerberos part working, but not the ldap check.
>
> Thanks in advance.
>
> --Kem
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
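
The AuthBy LDAP2 configuration at the top of this thread fetches memberOf and passes it to a hook, ldap_groups.pl, that is not shown. As an added example (not that hook, and not Radiator code), this Python code shows the comparison a group check over memberOf has to make: whole-DN, case-insensitive matching against an allow-list, so that a CN-only or substring test cannot be satisfied by a similarly named group. The group DN, the sample users and the function names are constructed for illustration.

```python
# Added example; the group DN and sample users below are constructed.
ALLOWED_GROUPS = ["CN=VPN Users,OU=Groups,DC=my,DC=domain,DC=com,DC=au"]

def split_rdns(dn):
    """Split a DN on unescaped commas; RFC 4514 allows '\\,' inside a value."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts

def normalize_dn(dn):
    """Lower-case and trim each RDN. Hex escapes (\\2C) are not unified with
    character escapes (\\,), so such a DN fails to match and access is denied."""
    out = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        out.append((attr.strip().lower(), value.strip().lower()))
    return tuple(out)

def matched_groups(member_of, allowed=ALLOWED_GROUPS):
    """Return the allowed group DNs present in the user's memberOf values."""
    allowed_norm = {normalize_dn(g): g for g in allowed}
    hits = []
    for value in member_of:
        try:
            key = normalize_dn(value)
        except ValueError:
            continue  # an unparsable value never grants access
        if key in allowed_norm:
            hits.append(allowed_norm[key])
    return hits

SAMPLE_USERS = {  # constructed memberOf values
    "alice": ["cn=vpn users, ou=Groups,dc=my,dc=domain,dc=com,dc=au"],
    "bob": ["CN=VPN Users\\, Disabled,OU=Groups,DC=my,DC=domain,DC=com,DC=au"],
    "carol": ["CN=VPN Users,OU=Groups,DC=other,DC=com,DC=au"],
}
```

Only alice matches: bob's group has an escaped comma inside its CN and carol's group lives under a different base DN. memberOf lists direct memberships only, so membership gained through a nested group will not appear in these values.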





