Does "TACACS+ frontend" mean that the NAS has to speak TACACS+? We have some that are Radius-only. It means that *FreeRADIUS* can do TACACS+. I did not find the rlm_securid-module in my installation. It isn't included with any pre-built packages. Do I have to compile it myself? Yes. Is there a documentation somewhere? Does the module use the proprietary protocol from RSA or Radius? It links to the SecurID libraries. It's documented in src/modules/rlm_securid/ in the source tree. Alan DeKok.
Hi Alan we've decided to use the Radius-interface of the SecurID-server and not the proprietary protocol. Now I need unlang to make the access decision: LDAP-Plugin (accept) AND Proxy-Request to SecurID-Server (accept) = ACCEPT to NAS I tried it like that in the authorize-section but it did not work: filter_username preprocess # %{1} = ldap-password # %{2} = Token if (User-Password =~ /^(.+)([0-9]{6})$/) { update request { User-Password := "%{2}" } update control { Proxy-To-Realm := "securid" } update request { User-Password := "%{1}" } ldap } pap The proxying itself is working fine but not the correlation of the two results. Could you please give me a minimal example of how to create this and-logic in unlang? Thanks and best wishes Michael Gesendet: Freitag, 30. November 2018 um 16:26 Uhr Von: "Alan DeKok" <aland@deployingradius.com> An: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Betreff: Re: FreeRADIUS, OpenLDAP password change and RSA SecurID Next-Token-Mode On Nov 30, 2018, at 10:24 AM, michael böhm <ksk2@gmx.net> wrote: - List info/subscribe/unsubscribe? See [1]http://www.freeradius.org/list/users.html References 1. http://www.freeradius.org/list/users.html