Multiple LDAP (Not failover) lookup...
Alan DeKok
aland at deployingradius.com
Wed Nov 8 00:12:16 CET 2006
Eric Martell <workoutexcite at yahoo.com> wrote:
> Thanks so much Neal. You got it 95% right. The problem
> is FreeRadius always authorizes first (no matter what
> the order in radiusd.conf) and then authenticates.
Yes, that's how the server works.
> (****This authorize should break the sequence and
> return FAIL. I tried ldap2 { fail = return } but no
> help...still returns notfound ****)
See doc/configurable_failover. You may want:

	...
	ldap2 {
		fail = reject
	}
	...

> Technically it should authenticate and then authorize
> and send the group response (AND) of both.
Then... configure it to do that. The default behavior is that a
"notfound" error is NOT fatal, because another module or database may
find the user.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
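
The override described in the reply, written out as an added example for the "both directories must know the user" case; it is not part of the original message or the FreeRADIUS distribution. It goes one step beyond the snippet above by also overriding notfound, since the reply notes that notfound is not fatal by default. The instance name ldap1 is an assumption (the thread only names ldap2).

```conf
# Added example, not from the original message.
# Assumes two instances of the ldap module, ldap1 and ldap2, are
# already defined in the modules section of radiusd.conf
# (ldap1 is a hypothetical name; the thread only names ldap2).
authorize {
	# First directory: the user must exist here.
	ldap1 {
		# User absent from this directory: stop and reject.
		notfound = reject
		# Directory unreachable or lookup error: stop and reject.
		fail = reject
	}

	# Second directory: only reached if ldap1 did not reject.
	ldap2 {
		notfound = reject
		fail = reject
	}
}
```

With these overrides the section fails closed: an outage of either LDAP server rejects every request, so monitor both directories before relying on it.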