Users-file and LDAP backend mixing questions

Alan DeKok aland at deployingradius.com
Mon Jan 19 10:30:42 CET 2009


Куприянов Максим wrote:
> I'm using FreeRadius 2.1.3 with LDAP (eDirectory) and plain-text (users file) backends and I don't know how to solve a couple of problems :(

  How do you tell the users apart?

> 1. Is it possible to mix users with the same names but different passwords from LDAP and from the users file? There are some old-time users in my org who don't belong to the eDirectory tree, and there are users in eDirectory with the same names that should not be treated like the old-time ones.

  Maybe.

> 2. I need some special DEFAULT with Fall-Through=yes rules that should match only users authenticated by the LDAP backend. I've tried Ldap-UserDn in the check section of the users file, but it seems to me that the Ldap-UserDn attribute is empty every time :(

  Don't use the "users" file for this.  See "man unlang".

> 3. Also, I need a reject rule for those users who were authenticated by LDAP and do not belong to any ldap-group. I've tried Ldap-Group !*, but this attribute always exists for every user :(

  I'm not sure how you would do that.  Maybe do an LDAP query for group
membership, and check if the returned string is empty.

  Alan DeKok.
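
An unlang sketch of the approach suggested for points 2 and 3, added here as an example and not part of the original message or the FreeRADIUS distribution. Assumptions: the LDAP module instance is named "ldap", the search base is the placeholder "o=example", users are matched on cn, and group membership is read from the eDirectory groupMembership attribute on the user entry; the Session-Timeout value is constructed.

```unlang
# Added example. Placeholder/assumed values: "o=example", cn=%{User-Name},
# groupMembership, Session-Timeout 3600. Check syntax against "man unlang"
# for the installed version.
authorize {
    preprocess

    ldap
    # Test the return code of the ldap module just above: the block runs
    # only when the directory lookup found the user, so nothing in it
    # applies to accounts that exist only in the users file.
    if (ok) {
        # Takes the place of the "DEFAULT ... Fall-Through = yes" entries
        # that were meant to match LDAP users only.
        update reply {
            Session-Timeout := 3600
        }

        # Query the directory for the user's group membership values.
        # An empty expansion means the entry carries no group. The
        # expansion is also empty when the query itself returns nothing
        # for any other reason, so this check fails closed.
        if ("%{ldap:ldap:///o=example?groupMembership?sub?(cn=%{User-Name})}" == "") {
            reject
        }
    }
}
```

The search filter should match the one the ldap module itself uses to find the user, so both lookups resolve to the same entry.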


