Re: (RADIATOR) ADSI && userIsInGroup

Tue, 23 Dec 2003 15:55:37 -0800


Hello Mario -

My apologies - I did not realise that my suggestion would not work.

You might also be able to use the AuthBy LDAP2 clause instead of AuthBy ADSI, and define a SearchFilter that will also check the group.

You will need to define a different AuthBy LDAP2 clause for each case and use the AuthBy FILE to call them as I showed previously.

See section 6.35 in the Radiator 3.7.1 reference manual for details.

regards

Hugh


On 24/12/2003, at 9:01 AM, Mike McCauley wrote:

Hello Mario,



---------- Forwarded Message ----------


Begin forwarded message: 
From: "Mario Lopez" <[EMAIL PROTECTED]>
Date: 23 December 2003 1:39:38 PM
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Subject: (RADIATOR) ADSI && userIsInGroup

Hi,

        I have being trying to make a per-user group authentification work
wih Radiador and being unsucesfull, checking the source code I have
read the
following comment in AuthADSI.pm in Radius directory in the comments
of the
"userIsInGroup" function.

# Check if the user is in the group
# $user is a user name and $group is a group name
# REVISIT: not working properly yet: cant get the results
# of IsMember

Does this mean that this issue is not working right know?!!!.


That is correct: it is currently not available.



I am using the following configuration:

<AuthBy ADSI>
        BindString LDAP://dc=openlink,dc=es
        SearchAttribute userPrincipalName
        AuthUser  %0
        AuthFlags 0

        GroupBindString LDAP://cn=%0,ou=GruposDeAcceso,dc=openlink,dc=es
        GroupUserBindString LDAP://cn=%1,cn=clientes,dc=openlink,dc=es
</AuthBy>

<AuthBy FILE>
        Identifier Usuarios
</AuthBy>

<Handler Realm=openlink.es>
        AuthBy Usuarios
</Handler>


And the "usuarios file" is this one:

DEFAULT Auth-Type=ADSI, Group="OpenLink-128-128"
        WISPr-Bandwidth-Max-Down = 131072,
        WISPr-Bandwidth-Max-Up = 131072

Any suggestions of what could I do?

I have the following Active Directory schema, two OU named "Clientes"
and
"GruposDeAcceso", users are in "Clientes" OU, and access groups that
determine specific VSA sending are in "GruposDeAcceso" VSA.

Any idea?

Perhaps using proxy to another RADIUS?

I am starting to get desperate.

P.D: Please do not tell me to read secion 6.4 on ref.html, I have read
it,
and reread it, followed the examples in ref.html and in goodies
directory
and I cannot get it to work.

Thanks!

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.


NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

-------------------------------------------------------

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to