Hello! I don't know how to configure Radius to do this : I want that radius accepts the access, if files or ldap returns ok. In descriptive code: IF files return 'OK' THEN access-accept ELSE IF ldap return 'OK' THEN access-accept ELSE access-reject After I saw the documentation, I thought that I can do this with fail-over and I add this code to sites-enabled/default: authorize { ... group { files { fail = 1 # remember "fail" with priority 1 ok = return # if we succeed, return "ok" # if "detail1" returned "fail" } ldap { fail = 1 # remember "fail" with priority 1 ok = return # if we succeed, don't do "detail2" } } ... With this configuration it's happening the following: If files return OK the username/password are accepted. If files return fail username/password are rejected directly. This is not what I want. I want that if files fail then check ldap. How I can configure radius to implement this functionality? Thanks you very much, Ricardo Frías.
Ricardo Frías Alvarez wrote:
Hello!
I don't know how to configure Radius to do this : I want that radius accepts the access, if files or ldap returns ok. In descriptive code:
IF files return 'OK' THEN access-accept ELSE IF ldap return 'OK' THEN access-accept ELSE access-reject
You can implement this pretty much like that via "unlang".
After I saw the documentation, I thought that I can do this with fail-over and I add this code to sites-enabled/default: ... With this configuration it's happening the following: If files return OK the username/password are accepted. If files return fail username/password are rejected directly.
Except that the "files" module never returns "fail". See the source code.
This is not what I want. I want that if files fail then check ldap.
How I can configure radius to implement this functionality?
authorize { ... files if (notfound) { ldap if (notfound) { reject } } ... } Alan DeKok.
It's works! Thanks Alan! El 06/10/2010 16:44, Alan DeKok escribió:
Ricardo Frías Alvarez wrote:
Hello!
I don't know how to configure Radius to do this : I want that radius accepts the access, if files or ldap returns ok. In descriptive code:
IF files return 'OK' THEN access-accept ELSE IF ldap return 'OK' THEN access-accept ELSE access-reject You can implement this pretty much like that via "unlang".
After I saw the documentation, I thought that I can do this with fail-over and I add this code to sites-enabled/default: ... With this configuration it's happening the following: If files return OK the username/password are accepted. If files return fail username/password are rejected directly. Except that the "files" module never returns "fail". See the source code.
This is not what I want. I want that if files fail then check ldap.
How I can configure radius to implement this functionality? authorize { ... files if (notfound) { ldap if (notfound) { reject } } ... }
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Alan DeKok -
Ricardo Frías Alvarez