Selecting one of multiple Ldap server in users file

Gerald Richter richter at ecos.de
Wed Dec 28 15:39:27 CET 2005


Hi,
> 
> You can also set Auth-Type and then add an entry in 
> authentication section like you did in authorize.
> 

Yes, I know, but as I wrote in my first message, my problem comes with CHAP,
because if you set the Auth-Type := aldap1, then CHAP will not work anymore,
because the chap modules see that the Auth-Type is set and will not set it
to CHAP. The problem is that I don't know if I need chap or ldap bind at
configuration time, that depends on the situation (device, user etc.) and I
want to have it as flexible as possible. When I have only one ldap server,
the Auth-Type will get set automatically and everything is fine, but with two
ldap servers this doesn't work anymore...

Gerald


> it could look like this :
> 
> in users files:
>  user ...,Autz-Type := aldap1, Auth-Type := aldap1
> 
> and in radiusd.conf:
> Authorize{
> ...
>     Autz-Type aldap1 {
>     ...
>    }
> ...
> }
> Authenticate {
> ...
>     Auth-Type aldap1 {
>      ...
>     }
> ...
> }
> 
> Xav
> 2005/12/28, Gerald Richter <richter at ecos.de>:
> > Hi,
> >
> > >
> > > Use Autz-Type instead of Auth-Type
> > > and set "Autz-Type := aldap1" in the users file (in check items)
> > >
> >
> > That's what I already do and authorization works correctly and accesses
> > ldap1 or ldap2 as it should, but when it comes to authentication,
> > Auth-Type is set to "LDAP" by the authorization phase and it didn't
> > know about different ldap servers anymore
> >
> > Gerald
> >
> >
> >
> > > 2005/12/28, Gerald Richter <richter at ecos.de>:
> > > > Hi,
> > > >
> > > > I want to use more than one ldap server to authenticate users. I have
> > > > set up a users file that sets the Autz-Type so one of two ldap servers
> > > > is selected for authorization. Since it is not known which kind
> > > > of authentication information is provided by the user, chap is also
> > > > included, like
> > > >
> > > > Authorize
> > > >         {
> > > >         preprocess
> > > >         suffix
> > > >         file
> > > >         Auth-Type aldap1
> > > >                 {
> > > >                 chap
> > > >                 ldap1
> > > >                 }
> > > >         Auth-Type aldap2
> > > >                 {
> > > >                 chap
> > > >                 ldap2
> > > >                 }
> > > >         }
> > > >
> > > > My problem is now when it comes to the authentication, because both
> > > > instances of the ldap module set the Auth-Type to LDAP, it will only
> > > > work with one ldap server. Also I cannot set the Auth-Type in the
> > > > users file, because it might also be set to CHAP by the chap module.
> > > >
> > > > How can I specify which ldap server to use for authentication in such
> > > > a case? Is there a possibility to include the module instance name in
> > > > the Auth-Type?
> > > >
> > > > Thanks
> > > >
> > > > Gerald
> > > >
> > > >
> > > >
> > > >
> > > >
> > > --------------------------------------------------------------
> > > -------------
> > > > Gerald Richter            ecos electronic communication
> > > services gmbh
> > > > IT-Securitylösungen * Webapplikationen mit 
> > > > Apache/Perl/mod_perl/Embperl
> > > >
> > > > Post:       Tulpenstrasse 5          D-55276 Dienheim b. Mainz
> > > > E-Mail:     richter at ecos.de          Voice:   +49 6133 939-122
> > > > WWW:        http://www.ecos.de/      Fax:     +49 6133 939-333
> > > >
> > > 
> --------------------------------------------------------------------
> > > --
> > > > ----- ECOS BB-5000 Firewall- und IT-Security Appliance:
> > > > www.bb-5000.info
> > > >
> > > 
> --------------------------------------------------------------------
> > > --
> > > > -----
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > ** Virus checked by BB-5000 Mailfilter **
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See 
> > > > http://www.freeradius.org/list/users.html
> > > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See 
> > > http://www.freeradius.org/list/users.html
> > >
> > >
> > > ** Virus checked by BB-5000 Mailfilter ** 
> > > !DSPAM:43b2754e166506533414836!
> > >
> >
> >
> >
> > ** Virus checked by BB-5000 Mailfilter **
> >
> >
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> >
> 
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 
>  
> ** Virus checked by BB-5000 Mailfilter ** 
> !DSPAM:43b2a046277391611861455!
> 


 
More information about the Freeradius-Users mailing list