Hello Deen -
We will need to see a trace 4 debug from Radiator showing what is happening.
regards
Hugh
On Sunday, Sep 14, 2003, at 11:04 Australia/Melbourne, deen wrote:
Hi List,
What I am trying to do is, authenticate a user CLI appearing in the RADIUS Auth records, against his telephone number residing in LDAP, rather than username/password. I have seen a sample in the ldap.cfg in the goodies directory and was checking. Following is what I have in my cfg file.
This does not work, and the line drops at authentication. I am using a Cisco AS 5300. Please tell me what I am missing. I have tested the > LDAP
with normal username/password and it works.
Thanks
Deen
<Realm DEFAULT>
<AuthBy LDAP2>
Host localhost
Port 389
Version 3
AuthDN cn=Manager,dc=slt,dc=lk
AuthPassword xxx
# The base DN at which to start the search
BaseDN dc=slt,dc=lk
#UsernameAttr uid
#PasswordAttr userPassword
#Framed-Protocol = PPP,\
#Framed-IP-Netmask = 255.255.255.255,\
#Framed-Routing = None,\
#Framed-MTU = 1500,\
#Framed-Compression = Van-Jacobson-TCP-IP
## Old Stuff ##
# This will check Calling-Station_id against
# LDAP attribute mobile
Identifier Check-LDAP-telephoneNumber
# Identifier telephoneNumber
# Calling-Station-Id is used to search
# instead of UsernameAttr and PasswordAttr
SearchFilter (telephoneNumber=%{Calling-Station-Id})
NoDefaultIfFound
AddToReply Framed-Protocol = PPP,\
Service-Type = Framed-User
## Old Stuff ##
</AuthBy>
etc.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
