Message du 10/01/07 à 15h38 De : "Alan DeKok" A : jerrrry@voila.fr, "FreeRadius users mailing list" Copie à : Objet : Re: ldap { fail=1}
jerrrry@voila.fr wrote:
i'm using freeradius 1.0.1 from Red Hat entreprise 4.
You SHOULD upgrade:
http://freeradius.org/security.html does not Red Hat supply any security patch with the OS support ?
I want the radius server to authenticate users thanks to the "users" file even if the ldap directory is not reachable and the radius server to start even if the DB is not reachable
That's probably the way the server should work. Those issues probably weren't though of when the server was written, as the SQL module works the same way.
I tried with ldap { fail =1} in the authorize section and sql { fail = 1 } in the instantiate section without any success.
"fail" doen't seem to be know.
No, it doesn't work in the "instantiate" section. It could, though. It's a good idea, and one I hadn't thought of.
and "fail = 1" should work for ldap in the authorize section ?
An alternative would be to update the LDAP module to NOT bind at startup, and do it only when a request came in. That would help, too.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
On Wed, Jan 10, 2007 at 05:49:59PM +0100, jerrrry@voila.fr wrote:
i'm using freeradius 1.0.1 from Red Hat entreprise 4.
You SHOULD upgrade:
http://freeradius.org/security.html does not Red Hat supply any security patch with the OS support ?
Yes, they do. Release 1.0.1-3.RHEL4.3 should have all security-related fixes backported. https://rhn.redhat.com/errata/RHSA-2006-0271.html th.
jerrrry@voila.fr wrote:
> No, it doesn't work in the "instantiate" section. It could, though. > It's a good idea, and one I hadn't thought of.
and "fail = 1" should work for ldap in the authorize section ?
Yes, it will work. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (3)
-
Alan DeKok -
jerrrry@voila.fr -
Tomas Hoger