[RADIATOR] Radiator/TACACS+ via ADSI
Kim, Steve
steve.kim at davispolk.com
Tue Nov 8 12:28:06 CST 2011
Hi experts,
I'm testing Radiator/TACACS+ via authentication from AD with ADSI.
I'd like to accomplish that only a group member in AD can be authenticated.
Can someone take a look at the following config and see if there is (are) any error(s)?
Thanks in advance.
So, here is my radius.cfg where I need your expertise.
<AuthBy ADSI>
    Identifier ADSI
    BindString LDAP://ou=Users,ou=xxx Users,dc=xx,dc=xx,dc=xx
    AuthUser %0
    AuthFlags 1
</AuthBy >
<ServerTACACSPLUS >
    AddToRequest NAS-Identifier=TACACS
    GroupMemberAttr tacacsGroup
    AuthorizationTimeout 600
    BindAddress 0.0.0.0
    GroupCacheFile %L/radiator-tacacs-usergroup.cache
    IdleTimeout 180
    MaxBufferSize 100000
    PasswordPrompt Password:
    Port 49
    SingleSession 1
    UsernamePrompt Username:
    <Log FILE>
        Filename %L/logfile-tacacs
        Trace 4
    </Log>
</ServerTACACSPLUS>
<Handler NAS-Identifier=TACACS>
    <AuthBy FILE>
        Filename %D/users.groups
    </AuthBy>
    AcctLogFileName %D/detail
</Handler>
Here is users.groups:
DEFAULT Auth-Type=ADSI, Group="networking_staff"