Message: 6 Date: Fri, 16 Jun 2006 09:44:29 -0700 (PDT) From: fvt3 <fvt3@yahoo.com> Subject: Re: Two Ldaps Authentication To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <20060616164429.4187.qmail@web42106.mail.mud.yahoo.com> Content-Type: text/plain; charset=iso-8859-1 Alan, This is what I have in my radius.conf Autz-Type LDAP1{ ldap_ldap1{ invalid=return } ldap_ldap2 } Auth-Type LDAP1 { redundant{ ldap_ldap1{ } ldap_ldap2 } users file DEFAULT Auth-Type = LDAP1 Fall-Through = No, Reply-Message = "ldap login" I'm forcing radius to lookup user in ldap1(ldap) and ldap2(Active Directory). The same user name can reside on both db backend. With this setup, radius only works if the user name does not exist on both db. If user John is on both db, it would only authenticate off LDAP1 and not in LDAP2. Here is my log <snip> correct...this is the way you have it configured. as long as ONE ldap server answers the request (whether it be an authentication allowed or rejected) it still answered. so it won't fail over to the next ldap server... --- Alan DeKok -- Terry J Fike Jr System Administrator MTA Solutions 907-793-4100 tfike@mtasolutions.com