Multiple LDAP (Not failover) lookup...
Eric Martell
workoutexcite at yahoo.com
Thu Nov 9 19:44:44 CET 2006
Thanks Alan.
I figured it out. It should be
    ldap2 {
        notfound = reject
    }
as ldap2 is returning notfound status.
Thanks so much again.
--- Alan DeKok <aland at deployingradius.com> wrote:
> Eric Martell <workoutexcite at yahoo.com> wrote:
> > Thanks so much Neal. You got it 95% right. The problem
> > is FreeRadius always authorizes first (no matter what
> > the order in radiusd.conf) and then authenticates.
>
> Yes, that's how the server works.
>
> > (****This authorize should break the sequence and
> > return FAIL. I tried ldap2 { fail = return } but no
> > help...still returns notfound ****)
>
> See doc/configurable_failover. You may want:
>
>     ...
>     ldap2 {
>         fail = reject
>     }
>     ...
>
> > Technically it should authenticate and then authorize
> > and send the group response (AND) of both.
>
> Then... configure it to do that. The default behavior is that a
> "notfound" error is NOT fatal, because another module or database may
> find the user.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>
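
Added example, not part of the original thread and not FreeRADIUS code: a simplified Python model of how an authorize section combines module return codes, showing why a `fail` override on ldap2 changes nothing when ldap2 returns notfound, while `notfound = reject` stops processing. The default action table, the starting result, and the hypothetical first module `ldap1` with its results are assumptions of this sketch; check doc/configurable_failover for your version.

```python
# Simplified model of per-module return-code actions in an authorize section.
# ASSUMPTION: the default actions and the starting result below are the
# editor's reading of doc/configurable_failover, not copied from this thread.
RETURN, REJECT = "return", "reject"

DEFAULT_ACTIONS = {
    "reject": RETURN, "fail": RETURN, "ok": 3, "handled": RETURN,
    "invalid": RETURN, "userlock": RETURN, "notfound": 1, "noop": 2,
    "updated": 4,
}

def run_authorize(modules, results):
    """modules: ordered list of (name, overrides), overrides = {code: action}.
    results: constructed map of module name -> return code for one request.
    Returns (section result, module that stopped processing or None)."""
    best, best_prio = "notfound", 0          # assumed starting result
    for name, overrides in modules:
        code = results[name]
        action = {**DEFAULT_ACTIONS, **overrides}[code]
        if action == REJECT:                 # e.g. "notfound = reject"
            return "reject", name
        if action == RETURN:                 # stop and hand back this code
            return code, name
        if action >= best_prio:              # numeric priority: keep going
            best, best_prio = code, action
    return best, None

# Constructed scenario: "ldap1" (hypothetical name) finds the user, ldap2 does not.
FOUND_IN_FIRST_ONLY = {"ldap1": "ok", "ldap2": "notfound"}

def scenario(ldap2_overrides, results=FOUND_IN_FIRST_ONLY):
    return run_authorize([("ldap1", {}), ("ldap2", ldap2_overrides)], results)

if __name__ == "__main__":
    for label, ov in [("defaults", {}),
                      ("fail = reject", {"fail": REJECT}),
                      ("notfound = reject", {"notfound": REJECT})]:
        print(f"ldap2 {{ {label} }} ->", scenario(ov))
```

With defaults, the "ok" from the first lookup outranks the later "notfound", so a user missing from the second directory is still authorized; only an override keyed on the code the module actually returns changes the outcome.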