Hi Mike,
Thanks for your help.
I'm afraid I have more questions.
---
I heard there is a patch for the 'authby ldap', because the current code
does not do the unbind operation which can cause problems with some ldap
servers. My netscape ldap server seems to be resistant to this, but load
is increasing and I'm worried it may affect performance.
Can I get the patch? I'm using Radiatior version 2.13.
---
I saw that Radiator supports authentication with the ACE securId cards.
We may want to use securId cards for roaming users because Surfnet
requires us to use 'strong' authentication if we do not check on CLI.
Can your radius server directly enquire the ACE server and how do I
configure radiator to do that? Or does it use 'authby radius' to
forward the radius authentication request to the (Livingstone?) radius
server that is packaged with the Ace software?
---
I have a question about info level logging. It's not very helpfull in my configuration:
I have to check 2 ldap servers for the moment.
<Realm uva.nl>
...
AuthByPolicy ContinueWhileReject
<AuthBy LDAP>
Host with.ic.uva.nl
Port 389
...
NoDefaultIfFound
</AuthBy>
<AuthBy LDAP>
Host blaeu.student.uva.nl
...
NoDefaultIfFound
</AuthBy>
</Realm>
If the user is in the first ldap server, but authentication does not
succeed e.g. wrong CLI, then I only get info logging from the second
ldap server with the totally useless information.
Tue Jun 8 00:56:32 1999: INFO: Access rejected for mdw0011: No such user
While it would make the life of the support staff a lot easier if I saw
something like:
Tue Jun 8 00:34:27 1999: INFO: Access rejected for mdw0011: Check item
Calling-
Station-Id expression '/204164698/' does not match '204164699' in request
Is it configurable to get this information from the first and second
authbyldap in stead of just the second one?
---
Searching for DEFAULT:
[08/Jun/1999:12:49:47 +0200] conn=557 op=1849 SRCH base="o=Universiteit
van Amst
erdam,c=Nl" scope=2 filter="(uid=DEFAULT)"
If a user is not found then radiator searches for DEFAULT, that's a lot
of extra searches that slow down the proces.
Can I get rid of the searching for "DEFAULT" completely?
---
Performance. In the log I see:
Tue Jun 8 01:48:13 1999: WARNING: Could not find a handler: request
is ignored
Has that got to do with the fact that ldap connections are done
synchronously? Does it indicate a performance problem?
---
I hope you can help me with these questions.
Kind regards,
Marijke
Marijke Vandecappelle
Senior netwerkbeheerder Informatiseringscentrum
Universiteit van Amsterdam
E-mail [EMAIL PROTECTED] Turfdraagsterpad 9
Telefoon +31 20 5252025 1012 XT Amsterdam
Fax +31 20 5252084
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
