On Wed, 4 Jun 2003 [EMAIL PROTECTED] wrote:
Hi,
Here is my problem :
if a user in LDAP has many passwords
(example : Jean Marie DUPOND
passwordCISCO : toto
passwordVPN : titi)
can I indicate to Radius to take a specific password when Radius does
an LDAP request
Example : if DUPOND wants to authenticate to a CISCO router, Radius
must use the attribute containing passwordCISCO
if he wants to authenticate to a VPN, Radius must
use the attribute containing passwordVPN
I tried the directive in radiusd.conf : attribute_password in ldap
module to specify another attribute instead of attribute userPassword
Example : attribute_password = cn
But if I want to authenticate a user, I receive an ACCESS-REJECT
An idea ??
Here is an answer that I have received :
You can not do what you want to do. The password is the password. You
can not have multiple passwords in the customer record it just doesn't
work like that. If you are looking to have multiple passwords or be
able to authenticate to a different device with a different password
then you are going to need a new entry in LDAP under a different tree
and an entirely different radius server to query it.
The above is right if you are talking about *LDAP* authentication (LDAP BIND
operation). It is not right if you are just talking about extracting the user
password from ldap and using pap/chap for authentication.
Is it wrong or right ?
Philippe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
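The case described in the last reply (reading a password attribute from the directory entry and checking PAP or CHAP against it, rather than doing an LDAP BIND), as an added example that is not part of the original thread and is not FreeRADIUS code. The entry is constructed from the question, and the device-to-attribute mapping and function names are hypothetical.

```python
import hashlib
import hmac

# Constructed directory entry; attribute names are the ones used in the question.
ENTRY = {"cn": "Jean Marie DUPOND", "passwordCISCO": "toto", "passwordVPN": "titi"}

# Hypothetical mapping from the kind of requesting device to the attribute to read.
PASSWORD_ATTRIBUTE = {"cisco": "passwordCISCO", "vpn": "passwordVPN"}


def known_good_password(entry, device_kind):
    """Return the cleartext value of the attribute selected for this device kind."""
    attr = PASSWORD_ATTRIBUTE.get(device_kind)
    if attr is None or attr not in entry:
        return None  # nothing to compare against: the caller must reject
    return entry[attr]


def check_pap(entry, device_kind, supplied):
    """PAP: the server receives the password and compares it itself."""
    expected = known_good_password(entry, device_kind)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), supplied.encode())


def chap_response(chap_id, password, challenge):
    """CHAP (RFC 1994): MD5 over the identifier byte, the secret, the challenge."""
    return hashlib.md5(bytes([chap_id]) + password.encode() + challenge).digest()


def check_chap(entry, device_kind, chap_id, challenge, response):
    """CHAP: the server recomputes the response, so it needs the cleartext value."""
    expected = known_good_password(entry, device_kind)
    if expected is None:
        return False
    return hmac.compare_digest(chap_response(chap_id, expected, challenge), response)


if __name__ == "__main__":
    challenge = bytes(range(16))  # constructed challenge
    print("cisco/PAP toto:", check_pap(ENTRY, "cisco", "toto"))
    print("vpn/PAP toto:  ", check_pap(ENTRY, "vpn", "toto"))
    resp = chap_response(7, "titi", challenge)
    print("vpn/CHAP titi: ", check_chap(ENTRY, "vpn", 7, challenge, resp))
    print("cisco/CHAP titi:", check_chap(ENTRY, "cisco", 7, challenge, resp))
```

A BIND-based check has no equivalent of `known_good_password`: the directory server itself validates the credential, which is why the quoted answer holds only for that mode.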