Hi All, I would like to know if there is an LDAP-Attribute (customized or standarized) in order to define the kind of authentication required for an user entry. For example, a user LDAP entry can be validated by the Radiator Radius Server via /etc/unix/password or a remote radius or ACE/SERVER according to the value of an "Auth-type" LDAP attribute. Another question is : where can I get the perl script for installing the Authen-ACE module? I would like to test interoperability with ACE/SERVER.
Can I get some help from this marvellous mailing list:)) Regards, Enrique -----Mensaje original----- De: Enrique Diez Fernandez [mailto:[EMAIL PROTECTED]] Enviado el: viernes, 24 de enero de 2003 20:03 Para: [EMAIL PROTECTED] Asunto: Hi All, I am trying to configure my radiator radius server in order to check an ldap entry and verify an attribute of that server. I want to check if the attribute "authmethod" value is "ace" or "none". In case of "ace", I want the server to reject the authentication request. The configuration of the server is below: " <AuthBy LDAP2> Host 192.168.70.134 Port 389 AuthDN cn=Directory Manager # AuthPassword yourADadminpasswordhere AuthPassword qwerty123 BaseDN ou=area3,o=davinci,st=Madrid,c=es UsernameAttr uid PasswordAttr userPassword AuthAttrDef authmethod,NO-ACE-Server,check </AuthBy> ". I have added to the user config file the line : DEFAULT NO-ACE-Server = "none". I have added to the "Check items" in the dictionary file the following line: " ATTRIBUTE NO-ACE-Server 90480019 string" When I tried to access, with the user = Albertoj which authmethod value = ace, I would like to get an accept-request response from the radius but I got the following debug: " Code: Access-Request Identifier: 2 Authentic: 1043434427 Attributes: User-Name = "albertoj" User-Password = "oPW<204><169><11>1f<23>=<164><26><29><224><182><179>" Fri Jan 24 19:53:47 2003: DEBUG: Handling request with Handler 'Realm=' Fri Jan 24 19:53:47 2003: DEBUG: Deleting session for albertoj, 192.168.70.11 Fri Jan 24 19:53:47 2003: DEBUG: Handling with Radius::AuthLDAP2: Fri Jan 24 19:53:47 2003: INFO: Connecting to 192.168.70.134, port 389 Fri Jan 24 19:53:47 2003: INFO: Attempting to bind with cn=Directory Manager, erty123 (server 192.168.70.134:389) Fri Jan 24 19:53:47 2003: DEBUG: LDAP got result for cn=Alberto Juarez,ou=area o=davinci,st=Madrid,c=es Fri Jan 24 19:53:47 2003: DEBUG: LDAP got userPassword: {SSHA}VpP5xc7VlLwrp0mF 5kaCC6eGPuPU8wq34ffw== Fri Jan 24 19:53:47 2003: DEBUG: LDAP got authmethod: ace Fri Jan 24 19:53:47 2003: DEBUG: Radius::AuthLDAP2 looks for match with albert Fri Jan 24 19:53:47 2003: DEBUG: Radius::AuthLDAP2 REJECT: Check item NO-ACE-S ver expression 'ace' does not match '' in request Fri Jan 24 19:53:47 2003: INFO: Connecting to 192.168.70.134, port 389 Fri Jan 24 19:53:47 2003: INFO: Attempting to bind with cn=Directory Manager, erty123 (server 192.168.70.134:389) Fri Jan 24 19:53:47 2003: DEBUG: No entries for DEFAULT found in LDAP database Fri Jan 24 19:53:47 2003: INFO: Access rejected for albertoj: Check item NO-AC Server expression 'ace' does not match '' in request Fri Jan 24 19:53:47 2003: DEBUG: Packet dump: *** Sending to 192.168.70.116 port 1221 .... Code: Access-Reject Identifier: 2 Authentic: 1043434427 Attributes: Reply-Message = "Request Denied"" Is there anything I am missing? Any documentation about the LDAP documentation checks? Regards, Enrique === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.