On 03/25/2010 12:31 PM, Jeffrey Wang wrote:
I am using freeradius server against my ldap server for regular user access and eap. I need the wireless user treated differently. So I created a entry in users file and would like to set user-password for these users in encrypted form. For the users that are not in ldap, they worked fine. However, the users are in the ldap, had been updated with cleartext-password and radius ignores my user-password and uses cleartext-password from ldap.
Can I delete the configuration items (cleartext-password) I set in previous process, such as ldap or password file?
We have no clue what you did in a previous process nor what version of FreeRADIUS you're using. You could do one of several things: Move the users file processing above the ldap in the authorize section your config file so the user in found in the users file first. Put those special users in an ldap group and do not return authorize information if they are members of that group. Remove the password attribute for those users from your ldap directory, rlm_ldap can't return what it can't find. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/