Куприянов Максим wrote:
I'm using FreeRadius 2.1.3 with LDAP (eDirectory) and plain-text (users file) backends and I don't know how to solve a couple of problems :(
How do you tell the users apart?
1. Is possible to mix users with same names, but different passwords from LDAP and from users file? There are some old time users in my org, who don't belong to eDirectory tree and there are users in eDirectory with same names that should not be treated like old-time ones.
Maybe.
I guess, I've found some kind of solution: /etc/raddb/dictionary: ATTRIBUTE Local-Skip-LDAP 3101 integer ATTRIBUTE Local-LDAP-User 3102 integer VALUE Local-Skip-LDAP true 1 VALUE Local-Skip-LDAP false 0 VALUE Local-LDAP-User true 1 VALUE Local-LDAP-User false 0 /etc/raddb/users: old_user User-Password == "testing", Cleartext-Password := "testing" Local-Skip-LDAP = true /etc/raddb/sites-available/default: authorize { .. if (!reply:Local-Skip-LDAP) { ldap if (ok) { update request { Local-LDAP-User := true } } } .. } The only problem i've got, that instead of using users file to specify default attributes for those none-LDAP user, I should use post-auth section of "default" site with (!request:Local-LDAP-User) and vice-versa condition. So, many thanks to Alan for "man unlang" hint :) But one problem still remain - i still don't understand how to check, that LDAP-user does not belong to any group. Any ideas? --- Maxim