[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ldap
Subject:    [ldap] LDAP, RADIUS, or both!
From:       "David Coleman" <ldap () sciuscorp ! com>
Date:       2002-07-09 17:54:36
[Download RAW message or body]

My company has multiple pieces of equipment and we are trying to get a
authentication model setup. Basically we want to create a tree so that we
have many pieces of equipment and users. The users will have access
privileges so that certain users will have access to routers, firewalls,
etc and not to other pieces of equipment. We have looked at an LDAP model,
but unfortunately certain pieces of our equipment do not authenticate to
LDAP servers. Also we are not certain how to make the LDAP server know
that a user is logging in from the specific piece of equipment (person
logs in but how does LDAP server know that that piece of equipment is a
router, win server, etc). We then looked at a Radius server, which is
supported by our hardware, however radius only supports yes or no login,
not directory trees. We have heard of radius server authenticating to LDAP
server. The problem however still arises with the LDAP server knowing what
the specific piece of hardware actually is. We can have users with
permissions, so that they are restricted to their certain hardware, with
their login and password, but we cant figure out how to make the LDAP
server recognize that they are logging in from whatever piece of hardware
that they are using. If anyone could help, please explain what protocol we
should use (radius or LDAP) and how we get LDAP to or even Radius to
recognize that a person is actually logging in from a specific piece of
hardware.

David Coleman

NI Solutions Group Inc.
A Member of SCIUS Corp)
1550-B Sixteenth Avenue
Richmond Hill, Ontario. L4B 3K9
P: (905) 770-4804
C: (416) 737-6954
F: (416) 736-1600
e-mail: ldap@sciuscorp.com


---
You are currently subscribed to ldap@umich.edu as: [ldap@progressive-comp.com]
To unsubscribe send email to ldap-request@umich.edu with the word UNSUBSCRIBE as the \
SUBJECT of the message.


[prev in list] [next in list] [prev in thread] [next in thread]