On 13/10/10 14:40, Harry Hoffman wrote:
Hi Alan,
Thanks for the help! This works well and lessens the confusion on my part.
I do have one question. When using ldap as the authorization module the Auth-Type gets set properly to siteone_ldap. But if I try using
That's a feature of the "ldap" module; if it is a "named" module it sets the Auth-Type to that name (otherwise using "LDAP")
ntlm_auth then the Auth-Type is not set even though ntlm_auth returns OK.
The (confusingly named) "ntlm_auth" module is actually a copy of the "exec" module which checks PAP requests; it does not have that feature. You are also using it wrong, by running it in the "authorize" section. You want something like: authorize { if (Realm == ...) { ldap_siteone } elsif (Realm == ...) { update control { Auth-Type := PAP-ntdom } } } authenticate { Auth-Type ldap_siteone { ldap_siteone } Auth-Type PAP-ntdom { ntlm_auth } } I guess the other alternative is: authorize { if (Realm == ...) { ldap_siteone } elsif (Realm == ...) { ntlm_auth if (ok) { update control { Auth-Type := PAP-ntdom } } } } ...but maybe it's not really what you should be doing; "authenticate" should happen after "authorize"