Okay, so we've got the whole ancient version thing sorted out, and we now have things working - sort of.
To recap: We've been working on using Freeradius on RHEL5.4 to link a Motorola RFS6000 with Oracle OID. We now have the following situation - and fair warning this is something of an edge-case as far as FreeRadius goes, as the problem appears to be more OID. We can: Use the oracleadmin user to bind to OID and have everything work. This is sub-optimal for more reasons than I care to count, and probably more than I can imagine. We can: Set up an ACL/ACI in OID to allow the purpose-created bind-user to access the userpassword of a specific user. Radius authentication then works for that user. Needless to say, it is impractical to do this for every single user. We cannot: Set up an OID ACL/ACI to allow the purpose created bind-user to access the userpassword of every user. This is where we want to get to. An alternate path would be to convince FreeRadius to obtain the user-supplied password via EAP-GTC *before* connecting to OID to authenticate the user, if that is possible. (None of the doco I have read to date suggests that it is.) Does anyone have any suggestions? Oracle are being questioned on this as well, but are not being particularly helpful yet. -Rob. Unix Systems Administrator Bunnings Group Limited 126 Pilbara Street, Welshpool WA 6106 Locked Bag 20, Welshpool WA 6986 Phone : (08) 9365-1507 Fax : (08) 9358-6054 E-mail : rmast...@bunnings.com.au Website : www.bunnings.com.au ************************************************************************ Bunnings Legal Disclaimer: 1) This email is confidential and may contain legally privileged information. If you are not the intended recipient, you must not disclose or use the information contained in it. If you have received this email in error, please notify us immediately by return email and delete the document. 2) All emails sent to and sent from Bunnings Group Limited. are scanned for content. Any material deemed to contain inappropriate subject matter will be reported to the email administrator of all parties concerned. ************************************************************************ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html