Florian Prester <Florian.Prester@rrze.uni-erlangen.de> wrote:
authorize: If I place the "users"-word before anything else, the authorization should take place by the users-file, which means if an user exists in the users-file it is authoized? correct?
It means that the "users" file is processed before anything else. You don't need to move it, though. The default configuration works.
authenticate: If the password matches cleartext/crypt the users is authenticated? correct?
Yes.
2.) If I try to uses PEAP and LDAP I need cleartext-passwords!? correct?
Or NT-Password.
If I add "ldap" after the "users"-wordin the authorize-section ldap should only be used, if the user cannot be found in the users-file?
No. See doc/configurable_failover
If I add password_attribute = "sn" thr user is authenticated, if the password-hash-challenge is matching the sn-hash-challenge, meaning the sn-attribute is taken as password? correct?
Yes.
3.) What means the Groupe-authenticate/authorize if I am using ldap?
I'm not sure what you mean by that. Alan DeKok.