On 12/18/01, [EMAIL PROTECTED] wrote:
>At 4:04 PM -0600 12/18/01, Chris Parker wrote:
>>At 01:47 PM 12/18/2001 -0800, [EMAIL PROTECTED] wrote:
>>>Hello,
>>>
>>>Is there a line I need to add in the radius config files to limit
>>>which LDAP users can authenticate through radius? I have set the
>>>'access_attr' line in the radiusd.conf and made sure that there is
>>>a corresponding entry in the LDAP database, but when I test the
>>>authentication all of the LDAP users are accepted by the radius
>>>server. This is true whether the LDAP attribute line is set to
>>>'true', 'false' or missing entirely.
>>
>>What do you see when you run the radius server in debug mode?
>>
>>-Chris
>>
>
>This is kinda long, so I hope yopu don't mind. The specific user
>"snoopdog" has 'radiusArapZoneAccess: false' set in the LDAP DB.
>
<snip debug>
FYI-
I have worked around this problem by adding:
filter = "(&(uid=%u)(radiusArapZoneAccess=true)"
to the LDAP section of radiusd.conf. It seems to work properly, but
if anyone has a better way to do it would like to hear about it.
--
[EMAIL PROTECTED] - PGP KeyID#: 0xFB966670
"Crappy old OSes have value in the basically negative sense that
changing to new ones makes us wish we'd never been born."
-Neal Stephenson 1999
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
