users-file overruling anything else UPDATE

florian.prester Florian.Prester at
Fri Oct 6 16:04:43 CEST 2006


I am using freeradius+perl+ldap.
Meaning for every request I get the users information from a
LDAP-Server, run it through some perl-code to distinguish some users
form others for some reason (:-)).

Now my problem are users not listed in the ldap-system. I want to use
the  users-file to overrule the ldap-system. Meaning if a user is found
in the users-file and the password matches, ignore everything else.

I think I had it working already, but somehow it does not work anymore! :-(

My authorization-section looks as follows:
authorize {
        #  Read the 'users' file
       #  The ldap module will set Auth-Type to LDAP if it has not
       #  already been set
        ldap  # needed to get user information
        perl  # needed to twist the users a little bit :-)

my users-file is standard, containing:
"help"     Auth-Type := Local, User-Password == "support"
                       Idle-Timeout := 30

Maybe my perl-code is the problem, because I do a REJECT by the 
Perl-module if the user is not found in the LDAP!
Hm, I should not do that, should I? I can grant access, but I should not 
deny it, if want to grant it later?!

Thanks for your help,
Florian  Prester

More information about the Freeradius-Users mailing list