Problem with setting up multiple authentication methods.
Hi all, I am running freeradius2.1.12, having recently upgraded from freeradius 1, where this worked perfectly. I use LDAP authentication from my radius server for ADSL, 3g and wifi users, each with their own realm set up. Now for support staff we have another separate apn using a single user name without a password and no realm. For this I use a Perl accounting module. The whole idea is to hit LDAP authorization/accounting first and upon not finding the user, fall through to Perl auth/accounting because it is listed last in my users file. This works perfectly. However, when the Perl auth-Type is switched on, my ADSL users auth against LDAP, LDAP returns all the relevant user info, exits with ok, but then everything is passed to Perl, which rejects it. Why does radius not exit when LDAP is successful? I hope you understand what I mean. Regards, To read FirstRand Bank's Disclaimer for this email click on the following address or copy into your Internet browser: https://www.fnb.co.za/disclaimer.html If you are unable to access the Disclaimer, send a blank e-mail to firstrandbankdisclaimer@fnb.co.za and we will send you a copy of the Disclaimer.
Cooper, Tom wrote:
I am running freeradius2.1.12, having recently upgraded from freeradius 1, where this worked perfectly.
The server *did* change from version 1 to version 2. Did you copy the version 1 configuration, or did you build a new one for version 2?
I use LDAP authentication from my radius server for ADSL, 3g and wifi users, each with their own realm set up. Now for support staff we have another separate apn using a single user name without a password and no realm. For this I use a Perl accounting module. The whole idea is to hit LDAP authorization/accounting first and upon not finding the user, fall through to Perl auth/accounting because it is listed last in my users file. This works perfectly. However, when the Perl auth-Type is switched on, my ADSL users auth against LDAP, LDAP returns all the relevant user info, exits with ok, but then everything is passed to Perl, which rejects it. Why does radius not exit when LDAP is successful?
I hope you understand what I mean.
No idea. As ALWAYS, read the debug log. It's the ONLY way to see what's going on. Also try reading the raddb/modules/ldap file in version 2. It contains documentation describing the changes from version 1. Alan DeKok.
participants (2)
-
Alan DeKok -
Cooper, Tom