Two Ldaps Authentication
Terry J Fike Jr
tfike at mtasolutions.com
Fri Jun 16 19:27:26 CEST 2006
Message: 6
Date: Fri, 16 Jun 2006 09:44:29 -0700 (PDT)
From: fvt3 <fvt3 at yahoo.com>
Subject: Re: Two Ldaps Authentication
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <20060616164429.4187.qmail at web42106.mail.mud.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1
Alan,
This is what I have in my radius.conf
Autz-Type LDAP1{
ldap_ldap1{
invalid=return
}
ldap_ldap2
}
Auth-Type LDAP1 {
redundant{
ldap_ldap1{
}
ldap_ldap2
}
users file
DEFAULT Auth-Type = LDAP1
Fall-Through = No,
Reply-Message = "ldap login"
I'm forcing radius to lookup user in ldap1(ldap) and
ldap2(Active Directory). The same user name can
reside on both db backend. With this setup, radius
only works if the user name does not exist on both db.
If user John is on both db, it would only
authenticate off LDAP1 and not in LDAP2.
Here is my log
<snip>
correct...this is the way you have it configured.
as long as ONE ldap server answers the request (whether it be an
authentication allowed or rejected) it still answered. so it won't fail
over to the next ldap server...
--- Alan DeKok
--
Terry J Fike Jr
System Administrator
MTA Solutions
907-793-4100
tfike at mtasolutions.com
More information about the Freeradius-Users
mailing list