
Re: userPassword ACL for radius account



I'm using an older version, which I cannot upgrade at the
moment:  Livingston RADIUS 2.1 1999/6/23  NDBM sun sys5 flat_users

I think I will just try the peername with IP address to allow
access.

Thanks for the input.

Buchan Milne wrote:

Scott Walker wrote:
| Hi all,
| I need to allow my radius server's local radius userid access to
| everyone's passwd in the directory for dial-up authentication.

If your radius server *really* needs to have read access to the
userPassword it is broken - you may want to investigate other radius
servers which aren't broken ...

| The
| radius account is not in the directory.
|
| Would something simple in the first acl like:  by dn="radius" read  work?

Well, assuming that it is a valid dn, and has a userpassword attribute.

|
| # ACL
| access  to attr=userPassword
|         by dn="cn=admin,o=domain"         read
|         by self         read
|         by anonymous    auth
|         by *            none
|
| access  to *
|         by *            read
|


Regards, Buchan

--
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)


--
Scott Walker
Unix Systems Administration
Magma Communications Ltd.

t:  (613) 228-3565
f:  (613) 228-8313
http://www.magma.ca/
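
Added example, not part of either message: one way the peername approach mentioned above could be written into the ACL quoted in the thread. The address 192.0.2.10 is a placeholder for the RADIUS host, and the `peername.ip` style is assumed to be supported by the slapd version in use. The clause matches only the client's source address, so any connection arriving from that address gets read access to userPassword without binding.

```conf
# slapd.conf ACL sketch (added example, not from the thread).
# 192.0.2.10 is a placeholder for the RADIUS server's address.
#
# "by" clauses are tested top to bottom and the first match ends
# evaluation. An unauthenticated connection from the RADIUS host also
# matches "by anonymous", so the peername clause has to come before
# "by anonymous auth" or the host would only ever receive auth access.
# read is a higher level than auth, so binds from that host still work.

access  to attr=userPassword
        by dn="cn=admin,o=domain"       read
        by peername.ip=192.0.2.10       read
        by self                         read
        by anonymous                    auth
        by *                            none

access  to *
        by *            read
```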
