Hi,
You can also set Auth-Type and then add an entry in authentication section like you did in authorize.
Yes, I know, but as I wrote in my first message, my problem comes with CHAP, because if you set the Auth-Type := aldap1, then CHAP will not work anymore, because the chap modules see that the Auth-Type is set and will not set it to CHAP. The problem is that I don't know if I need chap or ldap bind at configuration time, that depends on the situation (device, user etc.) and I want to have it as flexible as possible. When I have only one ldap server, the Auth-Type will get set automaticly and everything if fine, but with two ldap server this doesn't work anymore... Gerald
it could look like this :
in users files: user ...,Autz-Type := aldap1, Auth-Type := aldap1
and in radiusd.conf: Authorize{ ... Autz-Type aldap1 { ... } ... } Authenticate { ... Auth-Type aldap1 { ... } ... }
Xav 2005/12/28, Gerald Richter <richter@ecos.de>:
Hi,
Use Autz-Type instead of Auth-Type and set "Autz-Type := aldap1" in the users file (in check items)
That's what I already do and authorization works correctly and accesses ldap1 or ldap2 as it should, but when it comes to authentication, Auth-Type is set to "LDAP" by the authorization phase and it didn't know about different ldap servers anymore
Gerald
2005/12/28, Gerald Richter <richter@ecos.de>:
Hi,
I want to use more than one ldap server to authenticate users. I have setup a users file that sets the Autz-Type so one of two ldap server are selected for authorization. Since it is not known which kind of authentication information is provied by the user, chap is also included, like
Authorize { preprocess suffix file Auth-Type aldap1 { chap ldap1 } Auth-Type aldap2 { chap ldap2 } }
My problem is now when it comes the authentication, because both instances of the ldap module sets the Auth-Type to LDAP, it will only work with one ldap server. Also I cannot set the Auth-Type in the users file, because it might also be set to CHAP by the chap module.
How can I specify which ldap server to use for authentication in such a case? Is there a possibility to include the module instance name in the Auth-Type?
Thanks
Gerald
-------------------------------------------------------------- -------------
Gerald Richter ecos electronic communication services gmbh IT-Securitylösungen * Webapplikationen mit Apache/Perl/mod_perl/Embperl
Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz E-Mail: richter@ecos.de Voice: +49 6133 939-122 WWW: http://www.ecos.de/ Fax: +49 6133 939-333
--
----- ECOS BB-5000 Firewall- und IT-Security Appliance: www.bb-5000.info
--
-----
** Virus checked by BB-5000 Mailfilter **
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
** Virus checked by BB-5000 Mailfilter ** !DSPAM:43b2754e166506533414836!
** Virus checked by BB-5000 Mailfilter **
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
** Virus checked by BB-5000 Mailfilter ** !DSPAM:43b2a046277391611861455!
** Virus checked by BB-5000 Mailfilter **