users file question

Alan DeKok aland at deployingradius.com
Tue Aug 17 13:23:01 CEST 2010


Aqdas Muneer wrote:
> Thank you for the quick response. The reason I created the admin account
> was for use during LDAP outages, and you are correct that this account
> does not exist in LDAP. What would be a better way to go about
> accomplishing this? I want the admin account to be only available during
> times when the ldap module returns 'fail'.

  Put this into the "authorize" section:

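authorize {
	...
	ldap {
		# Override the default action for "fail" (return) with a
		# priority, so the section keeps processing on an LDAP outage.
		fail = 1
	}
	# True only when the module above returned "fail".
	if (fail) {
		do things
	}
	...
}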

  The "do things" text should be replaced by your actual policies, i.e.
check for "admin" account, update password, etc.  See "man unlang" for
details.

  Alan DeKok.
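
One way the "do things" placeholder could be filled in for the break-glass admin account discussed in this thread. This is an added example, not part of the original post; the surrounding module list (preprocess, pap), the account name "admin" and the password placeholder are assumptions.

```conf
authorize {
	preprocess

	# Give "fail" a priority instead of the default "return", so an
	# LDAP outage does not end the section immediately.
	ldap {
		fail = 1
	}

	# Reached with a true condition only when ldap returned "fail".
	# When LDAP is up, "admin" is not found there, no known-good
	# password is set, and the request is rejected as usual.
	if (fail) {
		if (User-Name == "admin") {
			update control {
				# Placeholder value; replace with the real secret.
				Cleartext-Password := "REPLACE_WITH_BREAK_GLASS_SECRET"
			}
		}
	}

	# With a Cleartext-Password in the control list, pap selects
	# PAP authentication for the request.
	pap
}
```

For the account to be usable only during outages, it must not also be defined somewhere that is consulted on every request, such as the users file.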


