LDAP with fallback on local authentication?

Justin Steward althalus87 at gmail.com
Tue Apr 14 01:40:43 CEST 2009


On Mon, Apr 13, 2009 at 4:48 AM, Ivan Kalik <tnt at kalik.net> wrote:

>   > You've mentioned a few times that LDAP is not meant for
> authentication, however the default config that ships with FreeRADIUS has
> LDAP in
> > the authentication section. Could you clear that up a little for me
> please? (or point me to somewhere it's been cleared up before?)
>
>  Don't force Auth-Type Ldap.
>
> But you will have to use two sql instances - one to store reply info and
> one to store backup passwords. You can't store passwords in sql (used for
> reply attributes) and ldap as well.
> authorize {
> ...
> sql_reply
> ldap
> if (notfound | fail) {
>     sql_bkp_pass
> }
> ...
> }
>
>

Works perfectly. Exactly what I was after. Thanks Ivan.

Regards,
Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090414/426f37a6/attachment.html>


More information about the Freeradius-Users mailing list