Re: authenticating multiple modules?



Ivan,
No, unfortunately it doesn't work that way, though I wish it did because that would be easy. I can't get system to authenticate with that config, which works fine if I comment out the ldap line.
  Alan DeKok mentioned this:
" pull the password from LDAP, and let the server decide how
the user should be authenticated.

  You could also set Auth-Type *conditionally*, if the user was in one
group or another."

However, I am not able to find examples of how to get his suggestions to work yet. I saw someone else trying to set up groups in the huntgroup, so maybe I should investigate that route more. But I don't have particular NASes to group by, so I am not sure how to group things. When a request comes in from different sources, it's random as to whether it will be a staff or student. I just need the solution to query both the system and ldap for authentication.

Tim

At 07:21 PM 3/12/2007, you wrote:
Hi Tim,

No "others" so I'll try.

I assume that it should work like this:

DEFAULT   Auth-Type := System
                 Fall-Through = Yes

DEFAULT   Auth-Type := LDAP

I think that users will be checked against the system first and if not
found against LDAP. Take this with a pinch of salt - I never used users
file, System or LDAP, only MySQL.

Ivan Kalik
Kalik Informatika ISP


On 12/3/2007, "Tim Tyler" <tyler@beloit.edu> wrote:

>Ivan, or others,
>   Ok, I can't seem to find documentation on
>this.  If I don't use the users file, I presume I
>should create the groups in the radiusd.conf
>file.  How does one create a group for Students
>and Staff (syntax)?  Can I assign Auth-Type =
>System for Staff and Auth-Type = LDAP for Staff
>and have a request against both groups?  Note,
>there is no way ahead of time to distinguish
>between a user that is staff or student.  So I
>need the solution to first check the system file and then check against ldap.
>   Is there an example configuration somewhere I
>can follow that authenticates against a system file and ldap?
>
>Tim
>
>
>At 06:32 PM 3/9/2007, you wrote:
>>Don't put Auth-Type in users file. Make groups Students and Staff,
>>assign users to them and put the Auth-Type you want for that group as
>>group check item.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>
>>On 9/3/2007, "Tim Tyler" <tyler@beloit.edu> wrote:
>>
>> >Freeradius experts,
>> >    I want to use one freeradius server to authenticate against a
>> >system file for students and against ldap for faculty/staff.  I can
>> >get the system file to work alone.  I can get the ldap module to work
>> >alone.  But I can't seem to find a way to get both of them to work
>> >together.  If I set DEFAULT Auth-Type = System in the users file, it
>> >authenticates the system files.  If I set it to ldap, it
>> >authenticates to ldap.  If I put both in the users file, it
>> >authenticates ldap users only.  How do I allow both unix and ldap
>> >modules to authenticate their respective users?   Note: users are
>> >unique to each module.  A user in unix does not exist in ldap
>> >and vice versa.
>> >
>> >
>> >
>> >Tim Tyler
>> >Network Engineer - Beloit College
>> >tyler@beloit.edu
>> >
>> >
>> >-
>> >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>> >
>> >
>>
>
>Tim Tyler
>Network Engineer - Beloit College
>tyler@beloit.edu
>
>
>
>
>


Tim Tyler
Network Engineer - Beloit College
tyler@beloit.edu
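
Added example, not part of the original thread and not FreeRADIUS code: a simplified Python model of how the two DEFAULT entries quoted above are evaluated, showing why a request ends up with only one Auth-Type. The function names are hypothetical, and only the `:=` and `=` set-operators on server configuration attributes and Fall-Through are modelled.

```python
# Added example: simplified model of FreeRADIUS "users" file evaluation.
# Assumption: only ":=" (always set) and "=" (set if absent) on server
# configuration attributes, plus Fall-Through, are modelled here.

PROPOSED = """\
DEFAULT   Auth-Type := System
                 Fall-Through = Yes

DEFAULT   Auth-Type := LDAP
"""  # the entries quoted in the thread

def parse_users(text):
    """Return a list of [name, [(attr, op, value)], fall_through] entries."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():  # indented line: reply items of current entry
            attr, _, value = line.partition("=")
            if entries and attr.strip().lower() == "fall-through":
                entries[-1][2] = value.strip().lower() == "yes"
            continue
        name, _, rest = line.partition(" ")
        checks = [tuple(item.split()) for item in rest.split(",") if item.strip()]
        entries.append([name, checks, False])
    return entries

def resolve_control(entries, username):
    """Walk entries in file order and return the resulting control items."""
    control = {}
    for name, checks, fall_through in entries:
        if name not in ("DEFAULT", username):
            continue
        for attr, op, value in checks:
            if op == ":=" or (op == "=" and attr not in control):
                control[attr] = value
        if not fall_through:
            break  # first matching entry without Fall-Through ends the walk
    return control

if __name__ == "__main__":
    # Every user ends up with the single value from the last ":=" entry.
    print(resolve_control(parse_users(PROPOSED), "constructed-user"))
    # With "=" the first entry's value is kept instead; still only one.
    print(resolve_control(parse_users(PROPOSED.replace(":=", "=")), "constructed-user"))
```

Either way the control list holds one Auth-Type per request, which matches the behaviour reported at the top of the thread, where the System check stopped working once the LDAP line was present.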