RE: (RADIATOR) checking other attributes

Thu, 01 Jun 2000 12:56:41 -0700 

Yes it is, BUT...the value of the LDAP attribute must match the radius
attribute being sent from the NAS.
And you are limited to what those values are. Setup a sniffer to capture the
packets from your NAS to see the values.
You are able to take any of the radius attributes and compare them directly
against an LDAP attribute.

For instance my NAS sends Radiator these radius attributes:

NAS-IP-Address = x.x.x.x
NAS-Port= xx
NAS-Port-Type = Async
User-Name = abcd
Called-Station-Id = ###
Calling-Station-Id = ####
User-Password = xxxxxxxxxxx
Service-Type = Framed-User
Framed-Protocol = PPP

For our application, I just wanted to limit who is aloud to be
authenticated. I added an arbitrary attribute to each users LDAP entry, and
assigned it a static value. That value remains the same each time a users
connects to the NAS. If I don't want a perticular user to connect, I simply
assign the attribute a different value.

I used this line in the config file...

AuthAttrDef       "LDAPattr",NAS-Port-Type,check

I'm sure there are other ways to do this, depending on how much you want to
customize things. I like to keep it simple.

Hope this helps!
Steve

-----Original Message-----
From: Robin Gruyters [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 01, 2000 1:21 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) checking other attributes


Hi,

We are using Radiator now for a year and it is working great. We using now
Radiator 2.15 with LDAP.

I've got a question, normaly it checks on username and password, but is it
possible to check it on other attributes like "accountStatus"

-- 
Regards,

 Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE
 http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628
 PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H.
 BOFH excuse: Standing room only on the bus.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to