Combining LDAP authentication and UNIX groups
Paul Stepowski
p.stepowski at qut.edu.au
Wed Oct 18 10:02:06 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi list,
Is it possible to authenticate users against LDAP and also check if the username
exists in a local UNIX group.
I can get both working independently i.e. in my users file
- ---snip---
DEFAULT Auth-Type = LDAP
Fall-Through = No
DEFAULT Group == "paul", Auth-Type = System
Fall-Through = No
- ---snip---
I can auth users against LDAP successfully and I can auth users who are in the
group "paul" successfully against the password file.
I tried to combine these two in various way, e.g.
- ---snip---
DEFAULT Group == "paul", Auth-Type = LDAP,
Fall-Through = No
- ---snip---
But I couldn't get this to work, probably because LDAP has no concept of a
"Group". It might be possible to do this using two different definitions in
"users" that where one falls through to another but I'm not sure how to
implement this.
Does anyone know if this is achievable?
NOTE: Please don't ask why I'm trying to do this. I realise this is a slightly
unusual concept, but I'd thought I'd ask.
Thanks,
Paul
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFFNd9+4qOLghPAuV0RAh6fAKCe8yPC49Ri6wXHAOXPGrbB2X+GWwCgt8hQ
YWX30HRRls054OfH2LNHpv4=
=p7Ww
-----END PGP SIGNATURE-----
More information about the Freeradius-Users
mailing list