Re: (RADIATOR) CLI auth using LDAP

[Hugh Irvine]

Hello Deen -

We will need to see a trace 4 debug from Radiator showing what is  
happening.

regards

Hugh

On Sunday, Sep 14, 2003, at 11:04 Australia/Melbourne, deen wrote:

�
Hi List,
�
What I am trying to do is, authenticate a user�CLI appearing in the  
RADIUS Auth records, against his telephone number residing in LDAP,  
rather than username/password. I have seen a sample in the ldap.cfg in  
the goodies directory and was checking. Following is what I have in my  
cfg file.
�
This does not work, and the line drops at authentication. I am using a  
Cisco AS 5300. Please tell me what I am missing. I have tested the > LDAP
with normal username/password and it works.
�
Thanks
�
�Deen
�

<Realm DEFAULT>

�������<AuthBy LDAP2>

���������������Host�����������localhost

����������������������������������������������������������������������� 
�����

���������������Port�����������389

�

�����������Version 3

����������������������������������������������������������������������� 
�����

���������������AuthDN���������cn=Manager,dc=slt,dc=lk

���������������AuthPassword��� xxx

����������������������������������������������������������������������� 
�����

���������������# The base DN at which to start the search

���������������BaseDN���������dc=slt,dc=lk

#UsernameAttr���uid

#PasswordAttr���userPassword

�

#Framed-Protocol = PPP,\

#Framed-IP-Netmask = 255.255.255.255,\

#Framed-Routing = None,\

#Framed-MTU = 1500,\

#Framed-Compression = Van-Jacobson-TCP-IP

## Old Stuff ##

���������������# This will check Calling-Station_id against

���������������# LDAP attribute mobile

���������������Identifier Check-LDAP-telephoneNumber

�������������#�Identifier telephoneNumber

�������������# Calling-Station-Id is used to search

�������������# instead of UsernameAttr and PasswordAttr

���������������SearchFilter (telephoneNumber=%{Calling-Station-Id})

���������������NoDefaultIfFound

AddToReply Framed-Protocol =�PPP,\

Service-Type = Framed-User

## Old Stuff ##

</AuthBy>

etc.

�


NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.