List: freeradius-users
Subject: Freeradius with MS Active directory
From: tran thang <trnthang () yahoo ! com>
Date: 2007-12-27 12:39:44
Message-ID: 108962.94008.qm () web60519 ! mail ! yahoo ! com
Hello all,
I am configuring FreeRADIUS with a Cisco AP as the access device and Microsoft AD as the user database, for user authentication by email and password, but I am still having some bugs.
If anyone has used a similar solution, please kindly guide me in configuring the radiusd.conf file so FreeRADIUS can communicate with MS AD.
Yours respectfully,
Tran Nam Thang.
----- Original Message ----
From: Oguzhan Kayhan <oguzhank@bilkent.edu.tr>
To: Peter Nixon <listuser@peternixon.net>
Cc: freeradius-users@lists.freeradius.org
Sent: Thursday, December 27, 2007 7:16:21 AM
Subject: Re:
Hello Peter and all,
Yes, I managed to get authentication working via rlm_perl. I can get accept or
reject without a problem.
What I wonder is whether I can use it as a hybrid system, e.g. to keep radacct logs
in SQL, or to get some info data from radgroupreply or somewhere?
Or some stuff similar to this.
I just wanna use rlm_perl for user/pass matching, that's all. The rest should be
by MySQL.
Or do I have to write all these modules manually in my Perl script too?
> Hello Oguzhan
>
> You need to be aware of a few things:
>
> Firstly, unless your clients use PAP you will not have a plain text
> password to use when logging into the IMAP server.
>
> Secondly, it is almost always a better idea to directly check the same
> backend credential store that your IMAP server uses than going via the
> IMAP protocol. If it's a large mail server (at Bilkent for example ;-) then
> you probably have an LDAP tree or SQL server at the backend which FreeRADIUS
> can directly talk to, which would save several steps and protocol
> conversions and be much faster than going via IMAP. (You would also likely
> not have to write a Perl module..)
>
> Good luck with your work
>
> Peter
>
> On Mon 24 Dec 2007, Oguzhan Kayhan wrote:
> > Hello all,
> > I am trying to figure out how to use the rlm_perl module for authentication
> > purposes.
> > What's in my mind is to use my existing IMAP server to check if an account
> > exists or not.
> > On the wiki page of rlm_perl I see an example script as:
> >
> > # Function to handle accounting
> > sub accounting {
> >     # For debugging purposes only
> >     # &log_request_attributes;
> >
> >     # You can call another subroutine from here
> >     &test_call;
> >
> >     return RLM_MODULE_OK;
> > }
> >
> > Ok...
> > Now.. what should be my return value for the test_call subroutine to make it
> > work? I am planning to call an IMAP module here, and as a return value I
> > should return what?
> > I'm not good at Perl so any tiny help will be appreciated.
> >
> > I am planning to make something like this but I am really not sure if it
> > works or not:
> >
> > use Net::IMAP::Simple;
> >
> > sub imapLogin {
> >     my $host     = shift;
> >     my $account  = shift;
> >     my $password = shift;
> >
> >     # open a connection to the IMAP server; a connection failure is a
> >     # module failure, so return a module code rather than a string
> >     my $server = Net::IMAP::Simple->new($host);
> >     if (!$server) {
> >         return RLM_MODULE_FAIL;
> >     }
> >
> >     # login() returns true on success and false on failure
> >     if ($server->login($account, $password)) {
> >         return RLM_MODULE_OK;
> >     } else {
> >         return RLM_MODULE_REJECT;
> >     }
> > }
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
>
>
> --
>
> Peter Nixon
> http://peternixon.net/
>
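Peter's first caveat (only PAP requests carry a plain-text password) turned into an rlm_perl `authenticate` handler, as an added example that is not part of the original thread or of the rlm_perl wiki script. The host name `imap.example.org`, the `imap_check` helper and the `--selftest` switch are assumptions made for illustration; the return-code values follow the rlm_perl example script.

```perl
use strict;
use warnings;

# Return codes, with the values used in the rlm_perl example script.
use constant { RLM_MODULE_REJECT => 0, RLM_MODULE_FAIL => 1, RLM_MODULE_OK => 2 };

our (%RAD_REQUEST, %RAD_REPLY);        # populated by rlm_perl per request
my $IMAP_HOST = 'imap.example.org';    # assumption: placeholder host name

# Hypothetical helper: 1 = login accepted, 0 = refused, undef = unreachable.
sub imap_check {
    my ($host, $user, $pass) = @_;
    require Net::IMAP::Simple;
    # use_ssl keeps the user's password off the wire in clear text
    my $imap = Net::IMAP::Simple->new($host, use_ssl => 1) or return;
    my $ok = $imap->login($user, $pass) ? 1 : 0;
    $imap->quit;
    return $ok;
}

sub authenticate {
    my $check = shift || \&imap_check;  # defaults to the real IMAP check
    my $user  = $RAD_REQUEST{'User-Name'};
    my $pass  = $RAD_REQUEST{'User-Password'};

    # Only PAP carries User-Password; CHAP, MS-CHAP and EAP requests do not,
    # so there is nothing that could be presented to the IMAP server.
    unless (defined $user && defined $pass && length $pass) {
        $RAD_REPLY{'Reply-Message'} = 'PAP is required for this realm';
        return RLM_MODULE_REJECT;
    }

    my $ok = $check->($IMAP_HOST, $user, $pass);
    return RLM_MODULE_FAIL unless defined $ok;   # backend down, not a bad password
    return $ok ? RLM_MODULE_OK : RLM_MODULE_REJECT;
}

# Constructed requests, run only with --selftest (never inside radiusd).
if (@ARGV && $ARGV[0] eq '--selftest') {
    my $stub = sub { $_[2] eq 'constructed-secret' ? 1 : 0 };
    %RAD_REQUEST = ('User-Name' => 'alice', 'User-Password' => 'constructed-secret');
    print "PAP, right password: ", authenticate($stub), "\n";
    %RAD_REQUEST = ('User-Name' => 'alice', 'CHAP-Password' => '0x00');
    print "CHAP, no User-Password: ", authenticate($stub), "\n";
    $stub = sub { return };
    %RAD_REQUEST = ('User-Name' => 'alice', 'User-Password' => 'x');
    print "IMAP unreachable: ", authenticate($stub), "\n";
}
```

Returning `RLM_MODULE_FAIL` for an unreachable IMAP server keeps outages distinguishable from wrong passwords in the RADIUS logs.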