Fallback method of authentication
Rafael Domingues Quitério
rdquiterio.si at cenfim.pt
Wed Jun 3 11:02:34 CEST 2015
Hi;
Thanks, Alan.
Actually I wouldn't want to spend more resources "just" for a DC. If possible, I would keep my Ubuntu samba member server only.
What if I use LDAP instead of EAP? Would it be possible to do this fallback?
Thanks for your attention.
-----Mensagem original-----
De: Freeradius-Users [mailto:freeradius-users-bounces+rdquiterio.si=cenfim.pt at lists.freeradius.org] Em nome de Alan DeKok
Enviada: 29 de maio de 2015 12:33
Para: FreeRadius users mailing list
Assunto: Re: Fallback method of authentication
On May 29, 2015, at 7:07 AM, Rafael Domingues Quitério <rdquiterio.si at cenfim.pt> wrote:
> I have installed FreeRADIUS Version 3.0.7 from source and it's doing machine authentication on a Windows domain.
That makes it more difficult.
> The radius server is a samba member. The place doesn't have a DC, so, the radius authentication is done to a remote DC. If the WAN link to the DC site fails, machine authentication on the Freradius server will fail.
>
> Because of that , I'm considering having a fallback method for authentication (files) when the link goes down.
>
> Is that possible to implement via the configuration files? Could somebody give me hints to achieve that.
There is no real way to do fallback authentication. Because EAP / machine authentication is designed to make that impossible.
Put a backup DC in the local site. That's really the best way to solve the problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list