I'm finding some problems with GroupUserBindString. It seems that it is not replacing
%{User-Name} with its value, which is being updated from the PreAuthHook. The
%{User-Name} works fine with AuthUser & BindString.
Configuration:
<Client 10.0.0.1>
Secret ********
Identifier PIX_Auth
</Client>
<AuthBy ADSI>
Identifier AD_Auth
BindString LDAP://Radiator/%{User-Name}
AuthUser %{User-Name}
AuthFlags 0
GroupBindString LDAP://Radiator/CN=%0,OU=Govnet,DC=radius,DC=test,DC=com
GroupUserBindString LDAP://Radiator/%{User-Name}
DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
</AuthBy ADSI>
<Handler Client-Identifier=PIX_Auth>
PreAuthHook file:"config/adsi_user.hook"
<AuthBy FILE>
Filename config/groups.txt
</AuthBy>
</Handler>
Debug:
Sat Jan 12 20:12:14 2002: DEBUG: Handling with Radius::AuthFILE:
Sat Jan 12 20:12:14 2002: DEBUG: Radius::AuthFILE looks for match with attaa025
Sat Jan 12 20:12:14 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Sat Jan 12 20:12:14 2002: DEBUG: Handling with ASDI
Sat Jan 12 20:12:14 2002: DEBUG: BindString converted to LDAP://Radiator/CN=atta
a025,OU=Govnet,DC=radius,DC=test,DC=com
Sat Jan 12 20:12:14 2002: DEBUG: AuthUser converted to CN=attaa025,OU=Govnet,DC=
radius,DC=test,DC=com
Sat Jan 12 20:12:14 2002: DEBUG: GroupBindString converted to LDAP://Radiator/CN
=FullTimeHTTP,OU=Govnet,DC=radius,DC=test,DC=com
Sat Jan 12 20:12:14 2002: DEBUG: GroupUserBindString converted to LDAP://Radiato
r/
Sat Jan 12 20:12:14 2002: DEBUG: Radius::AuthFILE REJECT: User attaa025 is not i
n Group FullTimeHTTP
Thanks,
Alan Attard
_____________________________________________________________
YMCAMAIL • YOUR MAIL COMING SOON --->
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
