(RADIATOR) How to tell if <authby LDAP_APS> is working?

Warren Bishop warren.bishop at sd5.bc.ca
Thu Jun 5 12:38:48 CDT 2008


I am pretty new to all this stuff, so if this is a stupid question I am
sorry. I really need to know how to tell if this is checking my Apple OD.
My final goal is to have all of our Colubris equipment point to the
radius server for authentication, so all our OD users can use their current
credentials to log onto the wireless. I have changed admin account names and
passwords for obvious reasons. But is this correct for using Apple OD to
authenticate? And how do I test that it is working?

Thanks for any and all help, Warren




# radius.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# a simple system. You can then add and change features.
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration as required.
#
# This example will authenticate from a standard users file in
# DbDir/users and log accounting to LogDir/detail.
#
# It will accept requests from any client and try to handle request
# for any realm.
#
# You should consider this file to be a starting point only
# $Id: linux-radius.cfg,v 1.3 2002/03/24 23:07:49 mikem Exp $

#Foreground
#LogStdout
LogDir        /var/log/radius
DbDir        /etc/radiator
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace         3

# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client DEFAULT>
    Secret    mysecret
    DupInterval 0
</Client>

<Realm DEFAULT>
    <AuthBy LDAP_APS>
        Host        radiustest

        AuthDN        uid=diradmin,cn=users,dc=radiustest,dc=sd5,dc=bc,dc=ca
        Authpassword    secret

        BaseDN        dc=radiustest,dc=sd5,dc=bc,dc=ca

        UsernameAttr    uid

        PasswordAttr    authAuthority

        HoldServerConnection

        Version 3

        EAPType TTLS, MSCHAP-V2
            
    </AuthBy>

    # Log accounting to a detail file
    AcctLogFileName    %L/detail
</Realm>

<ServerHTTP>

    Port 9048

    Trace 4

    Username admin

    Password secret

    #Privilege Levels:
    # 0 means no access, including no login permission.
    # 1 means viewing basic status only
    # 2 means ability to reset the server
    # 4 means the ability to edit and change the running config (but not
    #   save it)
    # 8 means the ability to save changes to the config
    # 15 means all privileges
    #   Defaults to 1
    
    DefaultPrivilegeLevel 15
    
    # Clients let you limit which clients you will accept connections from
    # You can specify one or more comma or space separated IP's
    # Using this adds security.
    # Clients 127.0.0.1, ?.?.?.?
    
    Clients 127.0.0.1

    # AuditTrail logs all changes and editing operations.

    AuditTrail  %D/audit.txt

    # Log file to log users that log into the HTTP interface.
    
    <AuthLog FILE>
        Filename %L/authlog
    </AuthLog>

</ServerHTTP>

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

