>
>Please let me know if this clear and any other better
>way to handle this in radius.
>
Yes. Why don't you strore zip code as userPassword? Since you are going
to use it as password I really don't see why not. That would make
things quite simple.
Ivan Kalik
Kalik Informatika ISP
-
List info/su
On Jan 4, 2008 9:54 AM, Eric Martell <[EMAIL PROTECTED]> wrote:
> Hi Ivan,
> Actually in the implementation we are going to treat
> on the website zipcode as a password field. we are
> asking people to enter username and zipcode which is
> store in the LDAP Schema.
>
> In the radius, I am going t
Eric Martell wrote:
> I am trying to do ldap query lookup in the authorize
> section and after successful authorization ( if ldap
> entry exists on search query) reply with
> Access-Accept if not reject.
So... you're not authenticating anyone?
> I do not want to do authentication in LDAP
Hi Ivan,
Actually in the implementation we are going to treat
on the website zipcode as a password field. we are
asking people to enter username and zipcode which is
store in the LDAP Schema.
In the radius, I am going to receive username
(User-Name) and zipcode ( User-Password). In the ldap
mod
OK, so password is not in LDAP. Where is it then? Are you trying to
accept users without passwords? Consider using a perl script to
implement that logic and forget about LDAP module in Freeradius.
Ivan Kalik
Kalik Informatika ISP
Dana 4/1/2008, "Eric Martell" <[EMAIL PROTECTED]> piše:
>Hi Alan,
Hi Alan,
I am trying to do ldap query lookup in the authorize
section and after successful authorization ( if ldap
entry exists on search query) reply with
Access-Accept if not reject.
I do not want to do authentication in LDAP as we are
not storing "userPassword" attribute in ldap schema.
Eric Martell wrote:
> Hi Alan,
>Can you please help me out with the LDAP query? I
> am still stuck with the issue.
What problem is left to solve?
i.e. I read and answer a *lot* of email. I don't recall much past
what's on my screen right now...
Alan DeKok.
-
List info/subscribe/unsubs
Hi Alan,
Can you please help me out with the LDAP query? I
am still stuck with the issue.
Your response will be greatly appreciated.
Thanks and Regards,
Eric.
--- Alan DeKok <[EMAIL PROTECTED]> wrote:
> Phil Mayers wrote:
> > Slightly confusing, there are two ways to do this:
>
> This sho
Hi Phil,
Please let me know if you need more info. I am
still
stuck with the problem.
Thanks and Regards,
Eric.
--- Phil Mayers <[EMAIL PROTECTED]> wrote:
> >
> > rlm_ldap: user test1 authorized to use remote
> access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: m
Hi Phil,
Here is the detail configs and logs. Please let me
know.
Thanks and Regards.
modules {
ldap {
server = "ldap://x:1389";
identity =
"uid=appuser,ou=appadm,o=entitlement"
password = **
basedn = "ou=roles
Phil Mayers wrote:
> Slightly confusing, there are two ways to do this:
This should be fixed before 2.0. There should be only one way to do
things.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_ldap: user test1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for
request 0
rlm_pap: WARNING! No "known good" password found for
the user. Authentication may fail because of this.
That's the problem.
Your LDAP mo
Hi Phil, Yes I did.. Here is the config.
modules {
ldap {
set_auth_type = no
}
}
authorize {
preprocess
ldap
pap
}
authenticate {
#
# PAP authentication, when a back-end
database listed
# in t
Eric Martell wrote:
Hi Phil,
I installed the latest freeradius-1.1.7. I put the
line
set_auth_type = no in ldap module
to ignore the authentication. But for some reason I
get the following error in the log.
rlm_ldap: user test1 authorized to use remote access
rlm_ldap: ldap_release_c
Hi Phil,
I installed the latest freeradius-1.1.7. I put the
line
> > set_auth_type = no in ldap module
to ignore the authentication. But for some reason I
get the following error in the log.
rlm_ldap: user test1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
Eric Martell wrote:
Hi Phil,
I need some help again. Is there a way in the ldap
module we can specify to return only ONE result for
search filter. In my ldap tree when search with a
filter (&(uid=test1)(phone=1231313128)) I get multiple
results.
And in the log I get message as search failed.
Hi Phil,
I need some help again. Is there a way in the ldap
module we can specify to return only ONE result for
search filter. In my ldap tree when search with a
filter (&(uid=test1)(phone=1231313128)) I get multiple
results.
And in the log I get message as search failed. I just
want to return
Thanks so much Phil. I am using freeradius-1.0.4
I am going to install the latest version and will try
your suggestion.
Thanks and Regards.
Eric.
--- Phil Mayers <[EMAIL PROTECTED]> wrote:
> Eric Martell wrote:
> > Hi,
> > Is it possible to altogether avoid authenticate
> > section and just
Eric Martell wrote:
Hi,
Is it possible to altogether avoid authenticate
section and just do ldap lookups in the authorize
section?
authorize {
ldap {
notfound = reject
}
}
The problem is in the authenticate section, radius
gets the userDN from the authorize and tries to "bind"
lda
I am extremely sorry. Looks like it created new thread
with same title.
Really apologized. Admin's please merge the thread.
Eric.
--- Eric Martell <[EMAIL PROTECTED]> wrote:
> Hi,
> Is it possible to altogether avoid authenticate
> section and just do ldap lookups in the authorize
> section?
Hi,
Is it possible to altogether avoid authenticate
section and just do ldap lookups in the authorize
section?
authorize {
ldap {
notfound = reject
}
}
The problem is in the authenticate section, radius
gets the userDN from the authorize and tries to "bind"
ldap with password which
I am little bit confused as how to configure
radiusd.conf in the authorize and/or authenticate
section. So password is going to act like ldap
attribute.
We are going to pass, username and ldap attribute
(home phone #) as input for each user.
The way it is configured now is in the modules,
ldap {
22 matches
Mail list logo