Selecting one of multiple Ldap server in users file

xav guerin xavtoo at gmail.com
Wed Dec 28 15:20:40 CET 2005


Hi,

You can also set Auth-Type and then add an entry in the authenticate
section, like you did in authorize.

It could look like this:

In the users file:
 user ...,Autz-Type := aldap1, Auth-Type := aldap1

And in radiusd.conf:
authorize {
    ...
    Autz-Type aldap1 {
        ...
    }
    ...
}
authenticate {
    ...
    Auth-Type aldap1 {
        ...
    }
    ...
}

Xav

2005/12/28, Gerald Richter <richter at ecos.de>:
> Hi,
>
> >
> > Use Autz-Type instead of Auth-Type
> > and set "Autz-Type := aldap1" in the users file (in check items)
> >
>
> That's what I already do and authorization works correctly and accesses
> ldap1 or ldap2 as it should, but when it comes to authentication, Auth-Type
> is set to "LDAP" by the authorization phase and it didn't know about
> different ldap servers anymore
>
> Gerald
>
>
>
> > 2005/12/28, Gerald Richter <richter at ecos.de>:
> > > Hi,
> > >
> > > I want to use more than one ldap server to authenticate users. I have
> > > set up a users file that sets the Autz-Type so one of two ldap servers
> > > is selected for authorization. Since it is not known which kind of
> > > authentication information is provided by the user, chap is also
> > > included, like
> > >
> > > Authorize
> > >         {
> > >         preprocess
> > >         suffix
> > >         file
> > >         Auth-Type aldap1
> > >                 {
> > >                 chap
> > >                 ldap1
> > >                 }
> > >         Auth-Type aldap2
> > >                 {
> > >                 chap
> > >                 ldap2
> > >                 }
> > >         }
> > >
> > > My problem is now when it comes to authentication: because both
> > > instances of the ldap module set the Auth-Type to LDAP, it will only
> > > work with one ldap server. Also I cannot set the Auth-Type in the
> > > users file, because it might also be set to CHAP by the chap module.
> > >
> > > How can I specify which ldap server to use for authentication in such
> > > a case? Is there a possibility to include the module instance name in
> > > the Auth-Type?
> > >
> > > Thanks
> > >
> > > Gerald