Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NAS-Port-Id authentication when using openLDAP with steel-belted radius ???

Trung, Nguyen Du
New Contributor
‎03-07-2011 12:34:AM
‎03-07-2011 12:34:AM

NAS-Port-Id authentication when using openLDAP with steel-belted radius ???

Dear all,

I have a question about NAS-Port-Id for authentication user by openLDAP and steel-belted radius server.

In openLDAP schema, I has defined a radiusNASPortId attribute. I want to use NAS-Port-ID as a check-list for authentincation user.

I has configuration ldapauth.aut header file for authentication with Ldap.

in [attribute/ name] always include radiusNASPortId attribute for lookup in openLDAP attribute.

in [Response] I has configured NAS-Port-Id = radiusNASPortId for mapping radius NAS-Port-Id to LDAP radiusNASPortId attribute.

But when I test with account from ldap, the authentincation successful in case the radius request packet not include NAS-port-ID attribute. the radius server not check NAS-Port-ID attribute from radius request packet, only check username and password. So I want radius check username, password and NAS-Port-ID for succsesfull authentication User.

Anyone can help me or provide for me a method how to do that.

Thanks very much,

Trung.

0 Kudos
1 REPLY 1
CraigB_
Frequent Contributor
‎03-18-2011 12:06:PM
‎03-18-2011 12:06:PM

Re: NAS-Port-Id authentication when using openLDAP with steel-belted radius ???

If you want to verify the user's NAS-PORT-ID, you must use this in the FILTER of the LDAP search. Simply adding it to the ATTRIBUTES and RESPONSE secions only tells SBR to RETURN the value in the LDAP database to the RADIUS attribute. It does not tell SBR to use it as a checklist attribute.

With LDAP, the only way you can get a checklist attribute to be used is to use a PROFILE. You can define the PROFILE in the SBR GUI and then add your checklist values there. In the LDAP file, you can add a [DEFAULT] section and put something like myProfile=PROFILENAME (whatever you defined in the GUI.

Then, in the [RESPONSE] section, you add %Profile=myProfile.

This will tie the profile to a successfully authenticated user. That profile's checklist will be evaluated. If they pass the checklist, they will authenticate.

Hope that helps

Craig

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.