(RADIATOR) LDAP Auth against Microsoft AD - limiting access by AD Group

Chris Rosan Chris.Rosan at europcar.com.au
Mon May 7 03:21:18 CDT 2007


Dear List,

We're in the process of setting up a new Radiator server which provides
authorisation for some realms via LDAP to Microsoft Active Directory.
I'm using Radiator 3.17.1-1 on Redhat 4, & Windows 2003 Domain
controllers.

I need to restrict access to users in specific AD groups.  These are for
both Dial-in & VPN client authentication. So far we are just using the
"radpwtst" utility to test authentication.

I can't get it to allow/deny access based on the group membership.

Snippets of the config file:

<Handler NAS-IP-Address=x.x.x.x,Realm=subdomain1.mydomain.com.au>
    RewriteUsername s/rho\.subdomain2/subdomain1/
    DefineGlobalVar AuthLDAPGroup "AU Remote Access - Dial"
    AuthBy AuthByLDAP
</Handler>

It just seems to ignore checking that the user is a member of the LDAP
group "AU Remote Access - Dial".

Trace 4 snip shows this being sent back to Radiator from the LDAP
server:

LDAP got memberOf: CN=AU Remote Access - Dial

Can anyone shed some light or assist?

Chris Rosan
Systems Administrator
Europcar Asia Pacific
157 Mickleham Rd
Tullamarine
VIC 3043
Australia
Ph:    +61 3 9330 6114
Fax:   +61 3 9338 6278
Mob:  +61 410 612 031
Email: chris.rosan at europcar.com.au
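
Added example (not part of the original post and not Radiator code): the trace above shows that AD returns memberOf as a distinguished name starting with "CN=", so a group check has to compare against the CN inside the DN rather than the bare group name. The Python sketch below shows that comparison; the function names and the OU/DC components of the sample DNs are assumptions made for illustration.

```python
import re

def split_dn(dn):
    """Split a DN into RDN strings; a backslash-escaped comma does not split."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur).lstrip())
    return [r for r in rdns if r]

def unescape(value):
    """Undo RFC 4514 escapes: hex pairs such as \\2C and \\<char> (ASCII only)."""
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)",
                  lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2 else m.group(1),
                  value)

def group_cn(dn):
    """Return the CN of the leftmost RDN, or None if it is not a CN."""
    rdns = split_dn(dn)
    if not rdns:
        return None
    attr, sep, value = rdns[0].partition("=")
    return unescape(value) if sep and attr.strip().lower() == "cn" else None

def is_member(member_of, required_group):
    """True if any memberOf DN names required_group as its CN (case-insensitive)."""
    want = required_group.casefold()
    return any(cn is not None and cn.casefold() == want
               for cn in map(group_cn, member_of))

# Constructed sample: the OU and DC components are placeholders, not from the post.
SAMPLE_MEMBER_OF = [
    "CN=AU Staff,OU=Groups,DC=mydomain,DC=com,DC=au",
    "CN=AU Remote Access - Dial,OU=Groups,DC=mydomain,DC=com,DC=au",
]

if __name__ == "__main__":
    print("AU Remote Access - Dial" in SAMPLE_MEMBER_OF)           # bare string compare
    print(is_member(SAMPLE_MEMBER_OF, "AU Remote Access - Dial"))  # CN compare
```

Matching on the CN alone treats same-named groups in different containers as identical, so comparing the full group DN is the stricter check. memberOf lists only direct memberships, so users who belong through a nested group will not match.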

 

 

 

 

