V1.10 File and LDAP Problems
Gerry Dalton
gerry.dalton at consolidated.com
Fri Feb 24 06:48:19 CET 2006
Andrew thanks for the quick reply.
>Looks like you don't have the LDAP information setup correctly.
>FreeRADIUS can't login to LDAP with the settings (un)specified.
>
> > rlm_ldap: (re)connection attempt failed
> > rlm_ldap: search failed
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns fail for request 0
> > modcall: leaving group authorize (returns fail) for request 0
>
Yep, knew that, but expected to continue with the text auth since the
user existed in that file.
>LDAP returns fail, which is weighted heavier than the both the "noop"
>returned by mschap and the "ok" returned by files. Because LDAP
>returns "fail," the entire request returns "fail." You can specify
>different weighted settings for noop, fail, etc, but the obvious
>answer is to fix your LDAP settings and then try again.
How do you go about setting the weighting. I want to be able to use
text, ldap and mysql so that we have various fall back options with a
failure of the external databases (ldap and mysql).
>Once you can
>login to the LDAP, if the user does not exist in there then LDAP
>should return "noop" for the request. If you want a user to exist in
>both the LDAP and the users file with different passwords, that
>requires a bit of tweaking but I've got it working if you need to see
Would like to see how you did it.
>Hope this helps!
>
>Andrew
Gerry Dalton, Network System Support
Consolidated Communications
Cell: 214 532-1905
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060223/b4367a7b/attachment.html>
More information about the Freeradius-Users
mailing list