How to handle EAP/LDAP or files with same server
Alan DeKok
aland at deployingradius.com
Sat Nov 11 00:20:45 CET 2006
Keith Moores <kmm6b at virginia.edu> wrote:
> I have both of these working with one issuse, MACs that are not in
> the users file are being sent to LDAP server adding unnecessary load.
One solution is to recognize MAC's, and NOT look them up in LDAP.
Another is to recognize email addresses, and cause them to be looked
up in LDAP.
> The solution I can think of is to only send user name's that are
> email addresses to ldap. Is this something that can be done with a
> proxy conf and realms?
No.
This should work:
#-- users file
DEFAULT User-Name =~ "@", EAP-Message =* 0x00, Autz-Type := email
#---
#--- radiusd.conf
authorize {
preprocess
files
Autz-Type email {
ldap
eap
}
}
#---
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list