Two Ldaps Authentication

fvt3 fvt3 at yahoo.com
Fri Jun 16 20:58:14 CEST 2006


So, how can I configure radius to authenticate off
ldap2 once ldap1 rejects the user because of a bad
password?

I want radius to:
Lookup in ldap1: if rejected because of a bad password,
then do
Lookup in ldap2

Basically I want radius to go through a sequence of
lookups: if ldap1 fails (ldap rejects the user password) then
go to ldap2 for lookup.

--- Terry J Fike Jr <tfike at mtasolutions.com> wrote:

> Message: 6
> Date: Fri, 16 Jun 2006 09:44:29 -0700 (PDT)
> From: fvt3 <fvt3 at yahoo.com>
> Subject: Re: Two Ldaps Authentication
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID: <20060616164429.4187.qmail at web42106.mail.mud.yahoo.com>
> Content-Type: text/plain; charset=iso-8859-1
> 
> Alan,
> 
> This is what I have in my radius.conf
> 
> 
>   Autz-Type LDAP1 {
>           ldap_ldap1 {
>                   invalid = return
>           }
>           ldap_ldap2
>   }
>
>   Auth-Type LDAP1 {
>           redundant {
>                   ldap_ldap1 {
>                   }
>                   ldap_ldap2
>           }
>   }
>
> users file
> 
> DEFAULT Auth-Type = LDAP1
>          Fall-Through = No,
>          Reply-Message = "ldap login"
> 
> 
> 
> I'm forcing radius to look up the user in ldap1 (ldap) and
> ldap2 (Active Directory). The same user name can
> reside on both db backends. With this setup, radius
> only works if the user name does not exist on both
> db.
> If user John is on both db, it would only
> authenticate off LDAP1 and not in LDAP2.
> 
> Here is my log
> 
> 
> <snip>
> 
> correct...this is the way you have it configured.
> as long as ONE ldap server answers the request
> (whether it be an authentication allowed or rejected)
> it still answered.  so it won't fail over to the
> next ldap server...
>
> --- Alan DeKok
> 
> -- 
> Terry J Fike Jr
> System Administrator
> MTA Solutions
> 907-793-4100
> tfike at mtasolutions.com
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
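
The failover behaviour described in the quoted reply, as an added example that is not part of the original thread and not FreeRADIUS code: a small Python model of how a `redundant` block walks its modules. The default action table, the `reject = 1` override (written in the same style as the `invalid=return` on the page), and the directory contents are assumptions constructed for illustration.

```python
RETURN = "return"

# Assumed default actions inside a `redundant` block: only `fail`
# (server did not answer) moves on to the next module.
REDUNDANT_DEFAULTS = {"ok": RETURN, "reject": RETURN, "fail": 1}


def ldap_module(directory, up=True):
    """Stand-in for one LDAP module instance over constructed data."""
    def authenticate(user, password):
        if not up:
            return "fail"        # no answer from the server
        if directory.get(user) == password:
            return "ok"          # bind succeeded
        return "reject"          # server answered: bad password
    return authenticate


def run_redundant(children, user, password):
    """children is a list of (module, per-module action overrides)."""
    best_priority, result = 0, "fail"
    for module, overrides in children:
        rcode = module(user, password)
        action = {**REDUNDANT_DEFAULTS, **overrides}[rcode]
        if action == RETURN:
            return rcode         # section stops here
        if action >= best_priority:
            best_priority, result = action, rcode
    return result


# Constructed sample data: John exists in both back ends,
# with a different password in each.
LDAP1 = {"john": "ldap1-secret"}
LDAP2 = {"john": "ad-secret"}


def as_configured(user, password, ldap1_up=True):
    """redundant { ldap_ldap1 { } ldap_ldap2 } as posted in the thread."""
    return run_redundant([(ldap_module(LDAP1, ldap1_up), {}),
                          (ldap_module(LDAP2), {})], user, password)


def with_reject_override(user, password):
    """Hypothetical variant: ldap_ldap1 { reject = 1 } inside the block."""
    return run_redundant([(ldap_module(LDAP1), {"reject": 1}),
                          (ldap_module(LDAP2), {})], user, password)
```

With the override, every password rejected by ldap1 is also presented to ldap2, so both directories see the failed bind.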

