freeradius with multiple ldap servers

Alan DeKok aland at deployingradius.com
Thu Jun 19 09:35:36 CEST 2008


Sambuddho Chakravarty wrote:
> Yes, but on a freeradius-2.05, when I create a separate authenticate
> {} and authorize {} subsection and plug in the following:
> 
> authorize {
>        Autz-Type LDAP {

  You don't need to use Autz-Type in 2.0.

> authenticate {
>        Auth-Type LDAP{
>         redundant{

  Don't use redundant sections here.  Just list the two LDAP modules
independently.  The LDAP server that was used in the authorize section
will ensure that it is also used in the authenticate section.

>           ${confdir}/modules/ldap1

  And I hope that's not what I think it is.

> It doesn't work.

  See the FAQ for "it doesn't work".

> Here the ldap1 and ldap2 are two separate files in
> the /etc/raddb/modules directory and have separate ldap server IP
> addresses. Can anyone please point out to me where I am going wrong?

  Lots.  The major one is that you are putting the module
*configuration* into the authorize and authenticate sections.  I have no
idea why you think that's a good idea.  The examples included in the
server DO NOT DO THIS.

  The files in the "modules" directory belong in the "modules" section
of radiusd.conf.  This is documented in the comments, and in many examples.

  The entries in the "authorize" and "authenticate" sections are simply
a one-word reference to the name of a module.  Again, this is documented
in the comments and in many examples.

  Alan DeKok.
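
The layout rule in the reply above (module configuration lives in "modules"; "authorize" and "authenticate" hold only module names) can be checked mechanically. The following is an added example, not part of the original message or of FreeRADIUS: `lint` is a hypothetical heuristic helper, and the sample configuration is constructed from the quoted post using a documentation IP address.

```python
import re

SECTIONS = {"authorize", "authenticate"}

# Constructed sample modelled on the quoted post (not a real deployment).
SAMPLE = """\
modules {
    ldap ldap1 {
        server = "192.0.2.10"
    }
}
authorize {
    preprocess
    ${confdir}/modules/ldap1
    ldap2
}
authenticate {
    Auth-Type LDAP {
        server = "192.0.2.10"
        ldap1
    }
}
"""

def lint(text):
    """Return (line_no, section, entry) for entries inside authorize or
    authenticate that look like module configuration (a file path or a
    key = value setting) instead of a one-word module reference."""
    findings, stack = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments (heuristic)
        if line.startswith("}"):                 # close the current block
            if stack:
                stack.pop()
            line = line[1:].strip()              # handles "} else {"
        if not line:
            continue
        if line.endswith("{"):                   # open a block, remember its keyword
            head = line[:-1].split()
            stack.append(head[0] if head else "")
            continue
        top = stack[0] if stack else None
        # "update" blocks legitimately contain attribute assignments.
        if top in SECTIONS and "update" not in stack:
            if "/" in line or "${" in line or re.match(r"[\w.-]+\s*=", line):
                findings.append((no, top, line))
    return findings

if __name__ == "__main__":
    for no, section, entry in lint(SAMPLE):
        print(f"line {no}: '{entry}' in {section} is configuration, not a module name")
```
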


