[afnog] Cisco, Radius & LDAP Problem

Thato Molise info at datacom.co.ls
Tue Apr 25 10:23:07 EAT 2006 

----- Original Message ----- 
From: "Thato Molise" <info at datacom.co.ls>
To: "Brian Candler" <B.Candler at pobox.com>
Sent: Tuesday, April 25, 2006 9:22 AM
Subject: Re: [afnog] Cisco, Radius & LDAP Problem


> By setting them I meant entering the Expiry date values for my users in 
> LDAP database by webmin interface, I thought maybe RADIAS authentication 
> will take over from there. I dont know much about RADIUS customization. I 
> dint use any Expiry date attributes to authenticate as per say, but at the 
> beggining of  my /etc/raddb/users conf file I have added the following
>
> DEFAULT Group = = "disabled", Auth-Type := Reject
>                Reply-Message = "Your account has been disabled."
>
> DEFAULT Auth-Type = System
>        Fall-Through = Yes
>
> DEFAULT Auth-Type := LDAP
>        Fall-Through = Yes
> ....
> ....
> ....
>
> Hoping that LDAP will disable the users account if it has expired.
>
> I could see that in the radius dictionary the Expiry date attribute for 
> LDAP "Expiration" is mapped to radiusExpiration attribute but I dont 
> really know how to compare the System date Expiry value with radius Expiry 
> date . Please help! Indeed Im really new in Linux, getting a bit confused 
> with the RADIAS LDAP staff.
>
>
>
>
> ----- Original Message ----- 
> From: "Brian Candler" <B.Candler at pobox.com>
> To: "Thato Molise" <info at datacom.co.ls>
> Cc: <afnog at afnog.org>
> Sent: Saturday, April 22, 2006 9:48 AM
> Subject: Re: [afnog] Cisco, Radius & LDAP Problem
>
>
>> On Sat, Apr 22, 2006 at 09:14:22AM +0200, Thato Molise wrote:
>>> But I have a little problem again. Even when I have set the expiry dates
>>> for the account my freeRADIUS still authenticates the user how can I 
>>> make
>>> sure that this doesnt happen!
>>
>> You'll have to be more specific.
>>
>> * How did you set expiry dates? Did they go into an LDAP attribute? If 
>> so,
>> what attribute do you use? Give an example of one of the values you put 
>> in
>> it.
>>
>> * How did you configure freeradius to ask it to check the contents of 
>> this
>> attribute?
>>
>> Regards,
>>
>> Brian.
>

More information about the afnog mailing list