Freeradius and LDAP : to be continued
Christophe Gravier
christophe.gravier at univ-st-etienne.fr
Thu Dec 15 16:04:52 CET 2005
Phil Mayers wrote:
> Alan DeKok wrote:
>
>> <christophe.gravier at univ-st-etienne.fr> wrote:
>>
>>> rlm_ldap: Adding userPassword as User-Password, value { & op=11
>>
>>
>> That's better.
>>
>>> modcall: group authorize returns ok for request 0
>>> rad_check_password: Found Auth-Type LDAP
>>
>>
>> Yuck.
>>
>> My quick answer is to edit rlm_ldap.c to have it *never* set
>> Auth-Type to LDAP. That would solve a lot of problems.
>
>
> Interesting. I mentioned this to another querier the other day:
>
> http://lists.freeradius.org/pipermail/freeradius-users/2005-December/049221.html
>
Argggg. You lost me.
Still not working.
I can't imagine I'm unable to make freeradius uses LDAP password without
hacking it :-/
>
> What then would the authenticate section look like to use LDAP?
> Presumably something like:
>
> authenticate {
> Auth-Type PAP {
> ldap
> }
> }
>
> ...but of course then you get into what happens if you want 2
> different services in the same server, such as:
>
> authenticate {
> Auth-Type PAP-service1 {
> ldap1
> }
> Auth-Type PAP-service2 {
> ldap2
> }
> Auth-Type MSCHAP-service1 {
> mschap1
> }
> Auth-Type MSCHAP-service2 {
> mschap2
> }
> }
>
> ...etc. - nasty. Is it possible to do:
>
> authenticate {
> Huntgroup Service1 {
> Auth-Type PAP {
> ldap1
> }
> Auth-Type MSCHAP {
> mschap1
> }
> }
>
> Huntgroup Service2 {
> Auth-Type PAP {
> ldap2
> }
> Auth-Type MSCHAP {
> mschap2
> }
> }
> }
>
> ...although "Realm" might make more sense than "Huntgroup" in
> understanding what I mean.
>
> There's also the possibility of wanting to use fallback:
>
> authenticate {
> Auth-Type PAP {
> ldap
> pap
> }
> }
>
> ...although I'm pretty sure you can do that with configurable failover
> and the above syntax is wrong.
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
Christophe Gravier
Laboratoire DIOM, groupe SATIn - Doctorant
ISTASE - Ingénieur d'études
Perso: http://perso.univ-st-etienne.fr/gravchri/
SATIn: http://www.istase.com/satin
Tel : 04 7748 5034
A mediter: http://www.fsffrance.org/news/article2005-11-25.fr.html
More information about the Freeradius-Users
mailing list