[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: LDAP authentication using Radius

To: "'Aaron Richton'" <richton@nbcs.rutgers.edu>
Subject: RE: LDAP authentication using Radius
From: "JET JETASIK" <jet@transniaga.co.th>
Date: Fri, 17 Aug 2012 00:26:24 +0700
Cc: 'Howard Chu' <hyc@symas.com>, openldap-technical@openldap.org
Content-language: en-us
In-reply-to: <alpine.SOC.2.02.1208161110450.28711@toolbox.rutgers.edu>
References: <002601cd7a41$4cb89300$e629b900$@transniaga.co.th> <502AA938.5060303@symas.com> <002e01cd7a9c$ba6a2de0$2f3e89a0$@transniaga.co.th> <002e01cd7aca$89d43260$9d7c9720$@transniaga.co.th> <alpine.SOC.2.02.1208150832080.28711@toolbox.rutgers.edu> <000901cd7b63$ecb499d0$c61dcd70$@transniaga.co.th> <alpine.SOC.2.02.1208160744370.28711@toolbox.rutgers.edu> <003601cd7bbb$e5176970$af463c50$@transniaga.co.th> <alpine.SOC.2.02.1208161110450.28711@toolbox.rutgers.edu>
Thread-index: AQKAiGkou6g+kpDgwk6Xy7n+H87XAwK4iIhEAbFefNoCRmF+nQFwTcCWAeWYHEoCc1f/dwHCat+VAos/TTaVcFnq8A==

Aaron Richton wrote:
> 
> On Thu, 16 Aug 2012, JET JETASIK wrote:
> >
> [2012/08/16|14:06:22.578125][02492][MINOR][ValidationTask::getNASLocat
> > ionFro mPacket] > No NAS-IP or NAS-Identifier attribute found.
> > [2012/08/16|14:06:22.578125][02492][MAJOR][ValidationTask::routePacket
> > ] > Rejecting RADIUS request due to missing NAS Location
> >
> > I don't see there is option to define the NAS-IP or NAS-Identifier in
> > /etc/radius.conf Furthermore I dig into openldap's radius.c, only
> > RAD_USER_NAME and RAD_USER_PASSWORD(line 82, 86) attached into
> the
> > request.
> > Please advise how to put NAS-IP/NAS-Identifier into the request, maybe
> > using
> > rad_put_addr()  ?
> 
> I would think it would be easier to reconfigure your radius server to
allow the
> queries in their existing form?
> 
> With that said, if you want to send additional attributes, a modification
to
> radius.c is probably the right track. You'd probably be best inquiring to
the
> Radius community about how to do this -- I certainly don't know their API
off
> the top of my head and it's out of scope for openldap-technical.
> 

It took me some times to find out that if a radius-request, like this
openldap-contrib's radius.c, does not include either a NAS-IP or a
NAS-Identifier, it complies with old Radius RFC standard(RFC 2138), "SHOULD
contain", but not the new one(RFC 2865) "MUST contain".

--
JET JETASIK

Follow-Ups:
- Re: LDAP authentication using Radius
  - From: Howard Chu <hyc@symas.com>

References:
- LDAP authentication using Radius
  - From: "JET JETASIK" <jet@transniaga.co.th>
- Re: LDAP authentication using Radius
  - From: Howard Chu <hyc@symas.com>
- RE: LDAP authentication using Radius
  - From: "JET JETASIK" <jet@transniaga.co.th>
- RE: LDAP authentication using Radius
  - From: "JET JETASIK" <jet@transniaga.co.th>
- RE: LDAP authentication using Radius
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- RE: LDAP authentication using Radius
  - From: "JET JETASIK" <jet@transniaga.co.th>
- RE: LDAP authentication using Radius
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- RE: LDAP authentication using Radius
  - From: "JET JETASIK" <jet@transniaga.co.th>
- RE: LDAP authentication using Radius
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

Prev by Date: RE: LDAP authentication using Radius
Next by Date: ldappasswd gives error ldap_sasl_interactive_bind_s: No such attribute (16)
Index(es):
- Chronological
- Thread