So Stephen,

If I understand you correctly, this "patch" basically implements the
Check Item with NEGATIVE LOGIC, correct? Rather than having Radiator
check for a MATCH, it checks for a MISMATCH to allow authentication?

If so, this is similar to what we're looking for. We want to define 2
types of customer:
        A - these can call regular phone #s (only)
        B - these can call regular phone #s AS WELL AS an 800#

Is this something that we would screen with a Check attribute or a Reply
attribute? That continues to puzzle me. Ideally, we'd like to configure
it with a single Reply attribute for those in group B, and have some
type of logic in the Radiator .cfg file implement the above logic.

Can your patch handle this? Can any of you comment on the proper way to
implement this? I'm going to be required to put some rules on our 800#
very soon...

Thanks in advance!

Dave

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Felicetti, Stephen A.
> Sent: Tuesday, August 08, 2000 4:20 PM
> To: 'Robin Gruyters'; [EMAIL PROTECTED]
> Subject: RE: (RADIATOR) Check Attribute in LDAP
> 
> 
> Robin,
> 
> I'm not sure if I follow exactly what you want to do. But I'll give it a
> shot.
> I have this line in my config file under <Authby LDAP2>:
> 
> AuthAttrDef altmail5,NAS-Port-Type,check
> 
> It allows me to compare the LDAP attribute 'altmail5' against the radius
> attribute 'NAS-Port-Type'. If they don't match, it rejects the
> authentication. If altmail5 does not exist for that user, then it isn't
> checked, and authentication goes through.
> 
> With code written by Hugh and Mike, I've also implemented a new LDAP search
> feature that allows me to query the user's LDAP entry for the existence of a
> specific attribute. If the attribute does not exist, it rejects the
> authentication. Is this closer to what you want to do? If so, it'll require
> 2.16.1, plus new code and patches.
> 
> As far as I know (Hugh can confirm this) this new feature is still in
> testing mode, and hasn't been added to the general release. I've been using
> it here for 1 week now without a problem.
> 
> Let me know if I can help!
> 
> Steve
> 
> 
> -----Original Message-----
> From: Robin Gruyters [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 08, 2000 12:21 PM
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR) Check Attribute in LDAP
> 
> 
> Hi,
> 
> Just one question. Is it possible to check an attribute like:
> 
> if "AccountStatus" exists on the LDAP do Access-Type=Reject
> 
> So no check on attribute from the NAS, only on the LDAP.
> -- 
> Regards,
> 
>  Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE
>  http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628
>  PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H.
>  BOFH excuse: Incorrect time synchronization
> 
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
> 
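
The outcomes discussed in this thread, modelled side by side as an added example (not part of the original messages and not Radiator code). It shows that the plain check item lets a user through when the LDAP attribute is absent, while the existence search rejects. The `allow800` attribute, the use of `Called-Station-Id` for the dialled number, and all sample values are assumptions.

```python
# Added model of the outcomes described in this thread; not Radiator code.
ACCEPT, REJECT = "Access-Accept", "Access-Reject"

def check_match(ldap_entry, request, ldap_attr, radius_attr):
    """Check item as Steve describes it: a mismatch rejects, and a missing
    LDAP attribute skips the check, so authentication goes through."""
    if ldap_attr not in ldap_entry:
        return ACCEPT  # absent attribute: nothing is compared
    match = ldap_entry[ldap_attr] == request.get(radius_attr)
    return ACCEPT if match else REJECT

def require_present(ldap_entry, ldap_attr):
    """Existence search as Steve describes it: absent attribute rejects."""
    return ACCEPT if ldap_attr in ldap_entry else REJECT

def reject_if_present(ldap_entry, ldap_attr):
    """Robin's request: an attribute that exists in LDAP rejects."""
    return REJECT if ldap_attr in ldap_entry else ACCEPT

def tollfree_policy(ldap_entry, request, tollfree, flag_attr="allow800"):
    """Dave's groups A and B. Assumptions: group B carries the hypothetical
    LDAP attribute `allow800`; the dialled number is in Called-Station-Id."""
    if request.get("Called-Station-Id") not in tollfree:
        return ACCEPT  # regular numbers are open to both groups
    return require_present(ldap_entry, flag_attr)  # 800#: group B only

# Constructed sample data
TOLLFREE = {"8005550100"}
GROUP_A = {"uid": "alice"}
GROUP_B = {"uid": "bob", "allow800": "yes"}

if __name__ == "__main__":
    for name, entry in (("A", GROUP_A), ("B", GROUP_B)):
        for number in ("5550123", "8005550100"):
            req = {"Called-Station-Id": number}
            print(name, number, tollfree_policy(entry, req, TOLLFREE))
```
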
