Two-Step LDAP authentication?
Juan Rodríguez
cutrez at hotmail.com
Thu Sep 16 13:36:18 CEST 2010
Hi everybody!
I'm a new subscriber of this list. I'm trying to set up a radius server with LDAP authentication; I've managed to authenticate a user (from a Cisco Device),
but my fellows from the Security Department think that we should have a two-step authentication:
1. User/password authentication, searching in cn=users,ou=pepe,ou=jose,c=es
2. A compare request, searching a specific objectclass in the LDAP tree.
So, the idea is the following: depending on the NAS-IP-Address, not only check for a correct password, but also search for the uid in an objectclass called
owner in the entry cn=deviceX,ou=pepe,ou=jose,c=es.
deviceX is the one with the source NAS-IP-Address. I know how to use unlang switch statements, configuring different ldap modules in the radius
server, so I can write the basedn I want.
But how can I do step 2?
Thank you and sorry for my English.
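
Added example, not part of the original post and not FreeRADIUS configuration: a Python model of the two-step decision described above, using an in-memory directory in place of a real LDAP server. The users, device entries, NAS addresses and helper names are constructed, and `owner` is assumed to be an attribute on the device entry.

```python
import hmac

BASE = "ou=pepe,ou=jose,c=es"
# Constructed sample data standing in for the directory.
USERS = {"alice": "s3cret", "bob": "hunter2"}           # step 1 credentials
DEVICES = {                                             # step 2 device entries
    f"cn=device1,{BASE}": {"owner": ["alice"]},
    f"cn=device2,{BASE}": {"owner": ["alice", "bob"]},
}
# Constructed mapping: NAS-IP-Address -> cn of the device entry.
NAS_TO_DEVICE = {"192.0.2.10": "device1", "192.0.2.20": "device2"}


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def owner_filter(uid):
    """Filter for a search-based check; uid comes from the client, so escape it."""
    return "(owner=%s)" % escape_filter_value(uid)


def device_dn(nas_ip):
    """Resolve the device entry for a NAS, or None when the NAS is not known."""
    cn = NAS_TO_DEVICE.get(nas_ip)
    return "cn=%s,%s" % (cn, BASE) if cn else None


def ldap_compare(dn, attr, value):
    """Stand-in for an LDAP compare: true only on an exact attribute value match."""
    entry = DEVICES.get(dn)
    return entry is not None and value in entry.get(attr, [])


def authorize(uid, password, nas_ip):
    # Step 1: user/password check (a bind against the users subtree in practice).
    stored = USERS.get(uid)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return "reject: bad credentials"
    # Step 2: the user must be listed as owner of the device behind this NAS.
    dn = device_dn(nas_ip)
    if dn is None:
        return "reject: unknown NAS"      # fail closed when no device entry maps
    if not ldap_compare(dn, "owner", uid):
        return "reject: not an owner"
    return "accept"
```

A compare on the device entry needs no filter at all; `owner_filter` covers the case where step 2 is done as a search instead, where an unescaped user name such as `*` would match every owner.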