I'm in the process of evaluating Radiator for our environment. During this time, I've figured something out that may be helpful to others. I've also encountered a problem that I hope I can get help with... kind of a give-take situation here folks! ;-)
My goal is to get Radiator to authenticate to our Win2k Active Directory tree. I'm running Radiator on a Win2k server. We have users strung throughout various OUs in the tree and no real standard on CN names (some have spaces and some have dots between the first & last names). Hence the only thing I can really grab onto is the principalName (UPN, in the RFC822 email format). I've been able to use this as follows:

    BindString LDAP://server/dc=et,dc=rootad,dc=com
    AuthUser [EMAIL PROTECTED]
    # We'll use normal NTLM auth (AuthFlags=1, which is default)
    # AuthFlags 0

Here I'm specifying the root of the domain, and using the UPN as a username (adding the domain name part). Based on my information from MSDN, looks like GetADObject supports the UPN, so we're in business and it works great. I know somebody had asked about this before, so hopefully this will help.

Now, my problem. Right now, we restrict access to our dial-up service via Win2k group membership. In other words, if a user wants dial-up access, we add them to a specific Win2k group (e.g. "DialUp Users") which grants them the access. This works fine using CiscoSecure ACS (our current RADIUS server) by mapping the WinNT group to an ACS group then allowing that group access to the NAS.

How in the devil do you do this with Radiator?? I just can't figure this out...

Any help is appreciated, and thanks in advance...

- MBM

===
Archive at http://www.open.com.au/archives/radiator/
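
Added example, not part of the original post and not Radiator configuration: the UPN lookup and the group restriction described above can be stated as one LDAP search filter, and the sketch below builds it with RFC 4515 escaping so that a login name supplied by a dial-up client cannot alter the filter. The group DN, the function names, and the assumption that the UPN suffix matches the DC components of the base DN are illustrative and not taken from the post.

```python
# Added illustration: GROUP_DN and all function names are assumptions.
BASE_DN = "dc=et,dc=rootad,dc=com"  # search base quoted in the post
# Constructed DN: the post names the group but not where it lives.
GROUP_DN = "CN=DialUp Users,OU=Groups," + BASE_DN

# RFC 4515 section 3: characters that must be escaped in a filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29",
                  "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an LDAP search filter assertion value."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def upn_suffix(base_dn):
    """Turn 'dc=et,dc=rootad,dc=com' into 'et.rootad.com'."""
    labels = []
    for rdn in base_dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        if attr.lower() != "dc" or not value:
            raise ValueError("base DN must consist of DC components only")
        labels.append(value)
    return ".".join(labels)


def to_upn(login, base_dn=BASE_DN):
    """Accept 'user' or 'user@domain' and return a full UPN."""
    login = login.strip()
    local, at, domain = login.partition("@")
    if not local or "@" in domain or (at and not domain):
        raise ValueError("malformed login name")
    return login if at else local + "@" + upn_suffix(base_dn)


def dialup_filter(login, group_dn=GROUP_DN, base_dn=BASE_DN):
    """Filter that matches only if the UPN exists AND is a direct group member."""
    upn = escape_filter_value(to_upn(login, base_dn))
    group = escape_filter_value(group_dn)
    return ("(&(objectClass=user)(userPrincipalName=%s)(memberOf=%s))"
            % (upn, group))


if __name__ == "__main__":
    print(dialup_filter("jsmith"))      # constructed sample login
    print(dialup_filter("x)(cn=*"))     # metacharacters come out escaped
```

The memberOf attribute lists direct memberships only, so a user who reaches the group through a nested group, or has it as their primary group, will not match this filter.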
