[RADIATOR] AuthBy LSA and BaseDN
craigsimons at sfu.ca
Wed Sep 12 12:03:45 CDT 2012
Unfortunately, my knowledge of the intricacies of AD is limited, so I hope I can properly explain what I want to achieve.
Basically, our AD permission structure is such that not all OU containers are "trusted" enough to allow wireless authentication. So, I only want to allow authentication based on user entries in a specific OU as opposed to users who are members of a group (not quite the same thing I'm led to believe).
We (currently) run Radiator on Windows servers and therefore use the LSA module for AD authentication. The manual doesn't have any specific configuration options for this module that appear to be able to limit searches.
----- Original Message -----
From: "Heikki Vatiainen" <hvn at open.com.au>
To: radiator at open.com.au
Sent: Wednesday, 12 September, 2012 06:17:19
Subject: Re: [RADIATOR] AuthBy LSA and BaseDN
On 09/12/2012 03:16 AM, Craig Simons wrote:
> The AuthBy LSA module section of the manual does not specify the
> ability to limit searches to a particular OU, only groups. The NTLM
> module appears to allow and BaseDN parameter. Is there a way the
> AuthBy LSA modules could do the same thing?
Do you want to limit the searches to subtrees like BaseDN does? This
would likely be good for performance and easier for authentication
related AD searches. Part of your message is missing something so I'm
guessing a little here.
Heikki Vatiainen <hvn at open.com.au>