<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
Hi everybody!<br>I'm a new subcriber of this list. I'm trying to setup a radius server with LDAP authentication; I've managed to authenticate a user (from a Cisco Device), <br>but my fellows from Security Department think that we should have a two-step authentication:<br>1. User/password authentication, searching in cn=users,ou=pepe,ou=jose,c=es<br>2. A compare request, searching a specific objectclass in the LDAP tree.<br>So, the idea is the following one: depending on the NAS-IP-Address, not only to check for a correct password, but search the uid in an objectclass called <br>owner in the entry cn=deviceX,ou=pepe,ou=jose,c=es.<br><br>deviceX is the one with the source NAS-IP-Address. I Know how to unlang using swicht statements, configuring differents ldap's modules in the radius <br>server, so I can write the basedn I want.<br><br>But how can do the step 2?<br><br>Thank you and sorry for my english. </body>
</html>