Re: userPassword ACL for radius account
I'm using an older version, which I cannot upgrade at the
moment: Livingston RADIUS 2.1 1999/6/23 NDBM sun sys5 flat_users
I think I will just try the peername with IP address to allow
Thanks for the input.
Buchan Milne wrote:
Scott Walker wrote:
| Hi all,
| I need to allow my radius server's local radius userid access to
| everyone's passwd in the directory for dial-up authentication.
If your radius server *really* needs to have read access to the
userPassword it is broken - you may want to investigate other radius
servers which aren't broken ...
| radius account is not in the directory.
| Would something simple in the first acl like: by dn="radius" read work?
Well, assuming that it is a valid dn, and has a userpassword attribute/
| # ACL
| access to attr=userPassword
| by dn="cn=admin,o=domain" read
| by self read
| by anonymous auth
| by * none
| access to *
| by * read
Buchan Milne Senior Support Technician
Obsidian Systems http://www.obsidian.co.za
B.Eng RHCE (803004789010797)
Unix Systems Administration
Magma Communications Ltd.
t: (613) 228-3565
f: (613) 228-8313