[RADIATOR] nmas methods

Heikki Vatiainen hvn at open.com.au
Mon May 30 04:00:33 CDT 2011


On 05/27/2011 10:25 AM, L Boerdijk wrote:

Hello Lars,

> We got the radiator software running properly with Edirectory NMAS and
> Digipass tokens.
> The only question I have now is: how can I make use of the default nmas
> sequence in the edirectory?
> I want to be able to switch preferred nmas methods for different users
> in the edirectory and let radiator automatically make use of that default
> method.

The example config below should behave as follows:
- use Digipass as the default sequence name
- use the value of LDAP attribute sasDefaultLoginSequence as the user
specific sequence name if the attribute is defined for the user

If sasDefaultLoginSequence is not defined, then Digipass will be used
instead.

> I used a modified configuration file from the goodies directory.
> This is the config section from the nmas example config:

> UseNovellNMASSequence Digipass
> AuthAttrDef sasDefaultLoginSequence,eDir-Auth-Option,check

> The second part says something about using the nmas sequence in edirectory.
> But I don't understand exactly how I should configure this.

What happens if you use the two options as specified above?

If sasDefaultLoginSequence is not the name of user-specific sequence
name, you must check and change the name accordingly.

> Then I comment out the UseNovellNMASSequence Digipass line, Radiator
> still uses the digipass method and
> gives an error when starting the daemon: WARNING: No PasswordAttr or
> EncryptedPasswordAttr defined for AuthLDAP2 at
> '/etc/radiator/radius.cfg' line

You need to have one of PasswordAttr, EncryptedPasswordAttr,
ServerChecksPassword, NoCheckPassword, GetNovellUP or
UseNovellNMASSequence defined so that Radiator knows how to do the password
check.

If you define UseNovellNMASSequence without a specific value, it will
default to NDS.

> The reason I want this is because not all users of the radius server
> will have a digipass. Some of them will still use the NDS (password) method.

Please check the above and if it does not work, reply with your
configuration (no secrets or passwords needed) and Radiator Trace 4 log
showing what happens.

Thanks!

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

