Two Ldaps Authentication

Terry J Fike Jr tfike at mtasolutions.com
Fri Jun 16 19:27:26 CEST 2006


Message: 6
Date: Fri, 16 Jun 2006 09:44:29 -0700 (PDT)
From: fvt3 <fvt3 at yahoo.com>
Subject: Re: Two Ldaps Authentication
To: FreeRadius users mailing list
	<freeradius-users at lists.freeradius.org>
Message-ID: <20060616164429.4187.qmail at web42106.mail.mud.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1

Alan,

This is what I have in my radius.conf


  Autz-Type LDAP1 {
          ldap_ldap1 {
                  invalid = return
          }
          ldap_ldap2
  }

  Auth-Type LDAP1 {
          redundant {
                  ldap_ldap1 {
                  }
                  ldap_ldap2
          }
  }

users file

DEFAULT Auth-Type = LDAP1
         Fall-Through = No,
         Reply-Message = "ldap login"



I'm forcing radius to look up the user in ldap1 (ldap) and
ldap2 (Active Directory).  The same user name can
reside on both db backends.  With this setup, radius
only works if the user name does not exist on both dbs.
If user John is on both dbs, it would only
authenticate off LDAP1 and not in LDAP2.

Here is my log


<snip>

Correct... this is the way you have it configured.
As long as ONE LDAP server answers the request (whether it be an
authentication allowed or rejected), it still answered, so it won't fail
over to the next LDAP server...

--- Alan DeKok

-- 
Terry J Fike Jr
System Administrator
MTA Solutions
907-793-4100
tfike at mtasolutions.com
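
The failover behaviour described in the reply above, as an added example that is not part of the original messages and is not FreeRADIUS code: a simplified Python model in which the first directory to give a verdict, accept or reject, ends processing. The directory contents, passwords and function names are constructed for illustration, and treating an unknown user as "no verdict" is an assumption taken from the poster's report that users present in only one directory can log in.

```python
# Simplified model of the thread's failover behaviour; not FreeRADIUS code.
# Constructed sample data: "john" exists in both directories.
LDAP1 = {"john": "ldap1-pass", "alice": "alice-pass"}
LDAP2 = {"john": "ad-pass", "bob": "bob-pass"}  # stands in for Active Directory


def make_backend(users, online=True):
    """Build a bind function returning 'ok', 'reject', 'notfound' or 'fail'."""
    def bind(user, password):
        if not online:
            return "fail"  # server gave no answer at all
        if user not in users:
            return "notfound"  # assumption: unknown user is not a verdict
        return "ok" if users[user] == password else "reject"
    return bind


def authenticate(backends, user, password):
    """Return (backend_name, result) for the first backend giving a verdict."""
    last = "fail"
    for name, bind in backends:
        last = bind(user, password)
        if last in ("ok", "reject"):  # an answer, accept or reject, is final
            return name, last
    return None, last


def demo():
    """Run the cases from the thread and return their outcomes."""
    both_up = [("ldap1", make_backend(LDAP1)), ("ldap2", make_backend(LDAP2))]
    ldap1_down = [("ldap1", make_backend(LDAP1, online=False)),
                  ("ldap2", make_backend(LDAP2))]
    return {
        "john, ldap1 password": authenticate(both_up, "john", "ldap1-pass"),
        "john, ldap2 password": authenticate(both_up, "john", "ad-pass"),
        "bob, only in ldap2": authenticate(both_up, "bob", "bob-pass"),
        "john, ldap1 down": authenticate(ldap1_down, "john", "ad-pass"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

In this model, which of John's two passwords is accepted depends on whether ldap1 is reachable at the time of the request.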


