users-file overruling anything else
Hi, I am using freeradius+perl+ldap. Meaning for every request I get the users information from a LDAP-Server, run it through some perl-code to distinguish some users form others for some reason (:-)). Now my problem are users not listed in the ldap-system. I want to use the users-file to overrule the ldap-system. Meaning if a user is found in the users-file and the password matches, ignore everything else. I think I had it working already, but somehow it does not work anymore! :-( My authorization-section looks as follows: authorize { preprocess chap mschap eap # # Read the 'users' file files # # The ldap module will set Auth-Type to LDAP if it has not # already been set ldap # needed to get user information perl # needed to twist the users a little bit :-) } my users-file is standard, containing: "help" Auth-Type := Local, User-Password == "support" Idle-Timeout := 30 Thanks for your help, Florian Prester
"florian.prester" <Florian.Prester@rrze.uni-erlangen.de> wrote:
Now my problem are users not listed in the ldap-system. I want to use the users-file to overrule the ldap-system. Meaning if a user is found in the users-file and the password matches, ignore everything else.
The problem is that the "users" file doesn't do authentication. It only stores a "known good" password for a user. My suggestion is to do: authorize { preprocess chap mschap eap perl files { ok = return updated = return } ldap } And PLEASE don't set "Auth-Type := Local". The "users" file entries should look like: username User-Password := "password" ... Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
florian.prester