Please let me know if this clear and any other better
way to handle this in radius.
Yes. Why don't you strore zip code as userPassword? Since you are going
to use it as password I really don't see why not. That would make
things quite simple.
Ivan Kalik
Kalik Informatika ISP
-
List
Hi Alan,
I am trying to do ldap query lookup in the authorize
section and after successful authorization ( if ldap
entry exists on search query) reply with
Access-Accept if not reject.
I do not want to do authentication in LDAP as we are
not storing userPassword attribute in ldap schema.
Hi Ivan,
Actually in the implementation we are going to treat
on the website zipcode as a password field. we are
asking people to enter username and zipcode which is
store in the LDAP Schema.
In the radius, I am going to receive username
(User-Name) and zipcode ( User-Password). In the ldap
OK, so password is not in LDAP. Where is it then? Are you trying to
accept users without passwords? Consider using a perl script to
implement that logic and forget about LDAP module in Freeradius.
Ivan Kalik
Kalik Informatika ISP
Dana 4/1/2008, Eric Martell [EMAIL PROTECTED] piše:
Hi Alan,
I
On Jan 4, 2008 9:54 AM, Eric Martell [EMAIL PROTECTED] wrote:
Hi Ivan,
Actually in the implementation we are going to treat
on the website zipcode as a password field. we are
asking people to enter username and zipcode which is
store in the LDAP Schema.
In the radius, I am going to
Eric Martell wrote:
I am trying to do ldap query lookup in the authorize
section and after successful authorization ( if ldap
entry exists on search query) reply with
Access-Accept if not reject.
So... you're not authenticating anyone?
I do not want to do authentication in LDAP as
Hi Alan,
Can you please help me out with the LDAP query? I
am still stuck with the issue.
Your response will be greatly appreciated.
Thanks and Regards,
Eric.
--- Alan DeKok [EMAIL PROTECTED] wrote:
Phil Mayers wrote:
Slightly confusing, there are two ways to do this:
This should be
Eric Martell wrote:
Hi Alan,
Can you please help me out with the LDAP query? I
am still stuck with the issue.
What problem is left to solve?
i.e. I read and answer a *lot* of email. I don't recall much past
what's on my screen right now...
Alan DeKok.
-
List
Hi Phil,
Please let me know if you need more info. I am
still
stuck with the problem.
Thanks and Regards,
Eric.
--- Phil Mayers [EMAIL PROTECTED] wrote:
rlm_ldap: user test1 authorized to use remote
access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap
Phil Mayers wrote:
Slightly confusing, there are two ways to do this:
This should be fixed before 2.0. There should be only one way to do
things.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Phil,
Here is the detail configs and logs. Please let me
know.
Thanks and Regards.
modules {
ldap {
server = ldap://x:1389;
identity =
uid=appuser,ou=appadm,o=entitlement
password = **
basedn =
Hi Phil, Yes I did.. Here is the config.
modules {
ldap {
set_auth_type = no
}
}
authorize {
preprocess
ldap
pap
}
authenticate {
#
# PAP authentication, when a back-end
database listed
# in
rlm_ldap: user test1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok for
request 0
rlm_pap: WARNING! No known good password found for
the user. Authentication may fail because of this.
That's the problem.
Your LDAP
Hi Phil,
I installed the latest freeradius-1.1.7. I put the
line
set_auth_type = no in ldap module
to ignore the authentication. But for some reason I
get the following error in the log.
rlm_ldap: user test1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
Eric Martell wrote:
Hi Phil,
I installed the latest freeradius-1.1.7. I put the
line
set_auth_type = no in ldap module
to ignore the authentication. But for some reason I
get the following error in the log.
rlm_ldap: user test1 authorized to use remote access
rlm_ldap:
Eric Martell wrote:
Hi Phil,
I need some help again. Is there a way in the ldap
module we can specify to return only ONE result for
search filter. In my ldap tree when search with a
filter ((uid=test1)(phone=1231313128)) I get multiple
results.
And in the log I get message as search failed.
Hi Phil,
I need some help again. Is there a way in the ldap
module we can specify to return only ONE result for
search filter. In my ldap tree when search with a
filter ((uid=test1)(phone=1231313128)) I get multiple
results.
And in the log I get message as search failed. I just
want to return
Hi,
Is it possible to altogether avoid authenticate
section and just do ldap lookups in the authorize
section?
authorize {
ldap {
notfound = reject
}
}
The problem is in the authenticate section, radius
gets the userDN from the authorize and tries to bind
ldap with password which
Thanks so much Phil. I am using freeradius-1.0.4
I am going to install the latest version and will try
your suggestion.
Thanks and Regards.
Eric.
--- Phil Mayers [EMAIL PROTECTED] wrote:
Eric Martell wrote:
Hi,
Is it possible to altogether avoid authenticate
section and just do ldap
I am little bit confused as how to configure
radiusd.conf in the authorize and/or authenticate
section. So password is going to act like ldap
attribute.
We are going to pass, username and ldap attribute
(home phone #) as input for each user.
The way it is configured now is in the modules,
ldap
20 matches
Mail list logo
