Oracle OID and FreeRadius

Robert Masters RMasters at
Wed Dec 8 03:50:46 CET 2010

Okay, so we've got the whole ancient version thing sorted out, and we
now have things working - sort of.

To recap: We've been working on using FreeRadius on RHEL5.4 to link a
Motorola RFS6000 with Oracle OID.

We now have the following situation - and fair warning this is something
of an edge-case as far as FreeRadius goes, as the problem appears to be
more OID.

We can: Use the oracleadmin user to bind to OID and have everything
work. This is sub-optimal for more reasons than I care to count, and
probably more than I can imagine.

We can: Set up an ACL/ACI in OID to allow the purpose-created bind-user
to access the userpassword of a specific user. Radius authentication
then works for that user. Needless to say, it is impractical to do this
for every single user.

We cannot: Set up an OID ACL/ACI to allow the purpose-created bind-user
to access the userpassword of every user. This is where we want to get

An alternate path would be to convince FreeRadius to obtain the
user-supplied password via EAP-GTC *before* connecting to OID to
authenticate the user, if that is possible. (None of the doco I have
read to date suggests that it is.) 

Does anyone have any suggestions? Oracle are being questioned on this as
well, but are not being particularly helpful yet.


Unix Systems Administrator

Bunnings Group Limited
126 Pilbara Street, Welshpool WA 6106
Locked Bag 20, Welshpool WA 6986
Phone : (08) 9365-1507
Fax : (08) 9358-6054
E-mail : rmasters at

