Hey guys...

I'd like to know if it is possible to use AuthAttrDef in the following
scenario: 

I have an LDAP server. I'd like to have an attribute called remoteuser.
Valid assignments to this attribute would be yes or no.
I have a Cisco AS5300. It sends an Access-Request to Radiator with only the
username and password.
Once Radiator receives this request, it'll look up the username/password,
then determine whether the remoteuser attribute is 'yes'. If so, it should
grant access. If not, then reject it.

I've added AuthAttrDef to my config file, and within the debug messages, I
can see that it is retrieving the attribute and its value. But it fails to
correctly match it with anything. I gather that this is because I haven't
created anything for it to compare against... Am I able to do this? Or does
AuthAttrDef only work if the attribute and value are sent along with the
Access-Request? If so, how can that be done with the AS5300?

PLEASE NOTE: I'm working on a development system, so I had to use different
attribute names than described above.
I'm using Radiator 2.15, Netscape LDAP 3.11, Perl 5.00503
and Net-LDAPapi 1.42.

Here's part of my config file:
<Realm>
       RewriteUsername s/^([^@]+).*/$1/
       <AuthBy LDAP>
               Host            ldaphost
               Port            389
               AuthDN          uid=admin,o=blah blah blah
               AuthPassword    xxxxxxx
               BaseDN          o=blah blah blah
               UsernameAttr    uid
               PasswordAttr    userpassword
               AuthAttrDef     telephonenumber,Xstring,check
       </AuthBy>
</Realm>

And the debug output:

Thu Mar  9 16:03:48 2000: DEBUG: Handling request with Handler 'Realm='
Thu Mar  9 16:03:48 2000: DEBUG: Rewrote user name to safelice
Thu Mar  9 16:03:48 2000: DEBUG:  Deleting session for safelice, x.x.x.x , 1234
Thu Mar  9 16:03:48 2000: DEBUG: Handling with Radius::AuthLDAP
Thu Mar  9 16:03:48 2000: DEBUG: Connecting to ldaphost, port 389
Thu Mar  9 16:03:48 2000: DEBUG: LDAP got result for uid=safelice,ou=blah blah blah
Thu Mar  9 16:03:48 2000: DEBUG: LDAP got userpassword: {crypt}xxxxxxxxxxxxxxxx
Thu Mar  9 16:03:48 2000: DEBUG: LDAP got telephonenumber: 3660
Thu Mar  9 16:03:48 2000: DEBUG: Radius::AuthLDAP looks for match with safelice
Thu Mar  9 16:03:48 2000: DEBUG: Radius::AuthLDAP REJECT: Check item Xstring expression '3660' does not match '' in request
Thu Mar  9 16:03:48 2000: DEBUG: Connecting to ldaphost, port 389
Thu Mar  9 16:03:48 2000: DEBUG: No entries for DEFAULT found in LDAP database
Thu Mar  9 16:03:48 2000: INFO: Access rejected for safelice: Check item Xstring expression '3660' does not match '' in request
Thu Mar  9 16:03:48 2000: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 48151 ....
Code:       Access-Reject
Identifier: 198
Authentic:  1234567890123456
Attributes:
Reply-Message = "Request Denied"


Thanks a lot!!!
Steve
