Hi everybody! I'm a new subscriber of this list.

I'm trying to set up a radius server with LDAP authentication; I've managed to authenticate a user (from a Cisco device), but my fellows from the Security Department think that we should have a two-step authentication:

1. User/password authentication, searching in cn=users,ou=pepe,ou=jose,c=es
2. A compare request, searching a specific objectclass in the LDAP tree.

So, the idea is the following: depending on the NAS-IP-Address, not only to check for a correct password, but also to search for the uid in an objectclass called owner in the entry cn=deviceX,ou=pepe,ou=jose,c=es. deviceX is the one with the source NAS-IP-Address.

I know how to use unlang with switch statements, configuring different ldap modules in the radius server, so I can write the basedn I want. But how can I do step 2?

Thank you, and sorry for my English.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
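
One way to express the second check described in the post, as an added example that is not part of the original message or the FreeRADIUS project's own configuration. It assumes FreeRADIUS v3 syntax, an LDAP module instance named `ldap`, that `owner` is readable as an attribute of the device entry and holds the bare uid, and it uses a filtered base-scope search through the LDAP xlat in place of a literal LDAP compare operation. The NAS address and the `Tmp-String-0` mapping are constructed for illustration.

```unlang
# Added example (FreeRADIUS v3 unlang), not from the original post.
authorize {
    # Step 1: the existing ldap lookup of the user under
    # cn=users,ou=pepe,ou=jose,c=es (password check as already configured).
    ldap

    # Map the requesting NAS to the CN of its device entry.
    # 192.0.2.10 and "deviceX" are constructed sample values.
    switch "%{NAS-IP-Address}" {
        case "192.0.2.10" {
            update control {
                Tmp-String-0 := "deviceX"
            }
        }
        case {
            # Unknown NAS: refuse instead of skipping the ownership check.
            reject
        }
    }

    # Step 2: base-scope search on the device entry only. The filter matches
    # when owner contains the user's uid; an empty expansion means the entry
    # is missing, unreadable, or does not list this user.
    # Assumption: owner stores the bare uid. If it stores a full DN, the
    # filter value has to be the user's DN instead.
    if ("%{ldap:ldap:///cn=%{control:Tmp-String-0},ou=pepe,ou=jose,c=es?cn?base?(owner=%{User-Name})}" == "") {
        reject
    }
}
```

Because an empty result also covers a directory outage or a permissions problem on the device entry, the check fails closed; the account the `ldap` module binds with needs read access to `owner` on the device entries.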