Optional authorize methode

Alan DeKok aland at deployingradius.com
Wed Oct 6 16:44:17 CEST 2010


Ricardo Frías Alvarez wrote:
>  Hello!
> 
> I don't know how to configure Radius to do this : I want that radius
> accepts the access, if files or ldap returns ok. In descriptive code:
> 
> IF files return 'OK' THEN access-accept
> ELSE IF ldap return 'OK' THEN access-accept
> ELSE access-reject

  You can implement this pretty much like that via "unlang".

> After I saw the documentation, I thought that I can do this with
> fail-over and I add this code to sites-enabled/default:
...
> With this configuration it's happening the following: If files return OK
> the username/password are accepted. If files return fail
> username/password are rejected directly.

  Except that the "files" module never returns "fail".  See the source code.

> This is not what I want. I want that if files fail then check ldap.
> 
> How I can configure radius to implement this functionality?

authorize {
	...
	files
	if (notfound) {
		ldap
		if (notfound) {
			reject
		}
	}
	...
}

  Alan DeKok.



More information about the Freeradius-Users mailing list