Two-Step LDAP authentication?

Juan Rodríguez cutrez at hotmail.com
Thu Sep 16 13:36:18 CEST 2010


Hi everybody!
I'm a new subscriber of this list. I'm trying to set up a radius server with LDAP authentication; I've managed to authenticate a user (from a Cisco Device),
but my fellows from Security Department think that we should have a two-step authentication:
1. User/password authentication, searching in cn=users,ou=pepe,ou=jose,c=es
2. A compare request, searching a specific objectclass in the LDAP tree.
So, the idea is the following one: depending on the NAS-IP-Address, not only check for a correct password, but also search for the uid in an objectclass called
owner in the entry cn=deviceX,ou=pepe,ou=jose,c=es.

deviceX is the one with the source NAS-IP-Address. I know how to use unlang with switch statements, configuring different ldap modules in the radius
server, so I can write the basedn I want.

But how can I do step 2?

Thank you and sorry for my English.
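
The step 2 check described in the message above, sketched as an added example (not part of the original message and not FreeRADIUS code): it maps the NAS-IP-Address to a device entry, builds the compare request with the client-supplied name escaped per RFC 4514, and rejects unless both steps pass. Assumptions: owner is an attribute holding user DNs of the form uid=<User-Name>,cn=users,ou=pepe,ou=jose,c=es; the NAS mapping, the directory contents and all function names are constructed for illustration, and the LDAP compare is simulated in memory.

```python
import ipaddress

# Constructed sample data, not from the original post.
BASE = "ou=pepe,ou=jose,c=es"
NAS_TO_DEVICE = {"192.0.2.10": "deviceX"}          # NAS-IP-Address -> device cn
DIRECTORY = {                                       # device DN -> owner values
    "cn=deviceX," + BASE: ["uid=jrodriguez,cn=users," + BASE],
}

def escape_rdn_value(value):
    """Escape a string for use as an RDN value (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in " #") \
                or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def compare_request(nas_ip, user_name):
    """Return the (dn, attribute, value) triple for step 2, or None to reject."""
    try:
        nas = str(ipaddress.ip_address(nas_ip))     # normalise, refuse garbage
    except ValueError:
        return None
    device = NAS_TO_DEVICE.get(nas)
    if device is None or not user_name:
        return None                                 # unknown NAS: fail closed
    # User-Name comes from the client, so it is escaped before entering a DN.
    user_dn = "uid=%s,cn=users,%s" % (escape_rdn_value(user_name), BASE)
    return "cn=%s,%s" % (escape_rdn_value(device), BASE), "owner", user_dn

def ldap_compare(dn, attribute, value):
    """In-memory stand-in for an LDAP compare; DN matching is simplified to
    a case-insensitive string comparison."""
    values = DIRECTORY.get(dn, []) if attribute == "owner" else []
    return value.lower() in (v.lower() for v in values)

def authorize(nas_ip, user_name, password_ok):
    """Accept only when step 1 (password) and step 2 (owner compare) both pass."""
    request = compare_request(nas_ip, user_name)
    return bool(password_ok and request and ldap_compare(*request))
```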