Alan DeKok wrote:
<christophe.gravier@univ-st-etienne.fr> wrote:
rlm_ldap: Adding userPassword as User-Password, value { & op=11
That's better.
modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type LDAP
Yuck.
My quick answer is to edit rlm_ldap.c to have it *never* set Auth-Type to LDAP. That would solve a lot of problems.
Interesting. I mentioned this to another querier the other day: http://lists.freeradius.org/pipermail/freeradius-users/2005-December/049221.... What then would the authenticate section look like to use LDAP? Presumably something like: authenticate { Auth-Type PAP { ldap } } ...but of course then you get into what happens if you want 2 different services in the same server, such as: authenticate { Auth-Type PAP-service1 { ldap1 } Auth-Type PAP-service2 { ldap2 } Auth-Type MSCHAP-service1 { mschap1 } Auth-Type MSCHAP-service2 { mschap2 } } ...etc. - nasty. Is it possible to do: authenticate { Huntgroup Service1 { Auth-Type PAP { ldap1 } Auth-Type MSCHAP { mschap1 } } Huntgroup Service2 { Auth-Type PAP { ldap2 } Auth-Type MSCHAP { mschap2 } } } ...although "Realm" might make more sense than "Huntgroup" in understanding what I mean. There's also the possibility of wanting to use fallback: authenticate { Auth-Type PAP { ldap pap } } ...although I'm pretty sure you can do that with configurable failover and the above syntax is wrong.