On 05/27/2011 10:25 AM, L Boerdijk wrote:

Hello Lars,

> We got the radiator software running properly with Edirectory NMAS and
> Digipass tokens.
> The only question I have now is: how can I make use of the default nmas
> sequence in the edirectory?
> I want to be able to switch preferred nmas methods for different users
> in the edirectory and let radiator automatically make use of that default
> method.

The example config below should behave as follows:
- use Digipass as the default sequence name
- use the value of LDAP attribute sasDefaultLoginSequence as the user
  specific sequence name if the attribute is defined for the user

If sasDefaultLoginSequence is not defined, then Digipass will be used
instead.

> I used a modified configuration file from the goodies directory.
> This is the config section from the nmas example config:
> UseNovellNMASSequence Digipass
> AuthAttrDef sasDefaultLoginSequence,eDir-Auth-Option,check
> The second part says something about using the nmas sequence in edirectory.
> But I don't understand exactly how I should configure this.

What happens if you use the two options as specified above? If
sasDefaultLoginSequence is not the name of the user-specific sequence name,
you must check and change the name accordingly.

> Then I comment-out the /UseNovellNMASSequence Digipass /line, Radiator
> still uses the digipass method and
> gives an error when starting the daemon: /WARNING: No PasswordAttr or
> EncryptedPasswordAttr defined for AuthLDAP2 at
> '/etc/radiator/radius.cfg' line
> /

You need to have one of PasswordAttr, EncryptedPasswordAttr,
ServerChecksPassword, NoCheckPassword, GetNovellUP or
UseNovellNMASSequence defined so that Radiator knows how to do the password
check. If you define UseNovellNMASSequence without a specific value, it
will default to NDS.

> The reason I want this is because not all users of the radius server
> will have a digipass. Some of them will still use the NDS (password) method.

Please check the above and if it does not work, reply with your
configuration (no secrets or passwords needed) and Radiator Trace 4 log
showing what happens.

Thanks!

-- 
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
