Unfortunately, my knowledge of the intricacies of AD is limited, so I hope I can properly explain what I want to achieve.
Basically, our AD permission structure is such that not all OU containers are "trusted" enough to allow wireless authentication. So, I only want to allow authentication based on user entries in a specific OU as opposed to users who are members of a group (not quite the same thing I'm led to believe).

We (currently) run Radiator on Windows servers and therefore use the LSA module for AD authentication. The manual doesn't have any specific configuration options for this module that appear to be able to limit searches.

Regards,
Craig

----- Original Message -----
From: "Heikki Vatiainen" <[email protected]>
To: [email protected]
Sent: Wednesday, 12 September, 2012 06:17:19
Subject: Re: [RADIATOR] AuthBy LSA and BaseDN

On 09/12/2012 03:16 AM, Craig Simons wrote:
> The AuthBy LSA module section of the manual does not specify the
> ability to limit searches to a particular OU, only groups. The NTLM
> module appears to allow and BaseDN parameter. Is there a way the
> AuthBy LSA modules could do the same thing?

Do you want to limit the searches to subtrees like BaseDN does? This would likely be good for performance and easier for authentication related AD searches.

Part of your message is missing something so I'm guessing a little here.

Thanks,
Heikki

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
