LDAP server per realm

Alan DeKok aland at deployingradius.com
Tue Apr 17 03:43:54 CEST 2007

Sean McNamara wrote:
> I'm working on finding a way to define multiple local realms and have 
> each have a unique ldap profile associated with them.    We want one 
> associated with a particular realm, and the other to be the 
> catchall/default case.  In addition to this, we're also using EAP/TTLS, 
> which may or not complicate the situation..  After googling a bit, I was 
> under the impression that something along the following lines should work:
> Here are the relevant parts of the the files I modified:
> in dictionary:

  Please don't edit the dictionaries.  The VALUEs you defined are
already defined as something else.  And the server will automatically
create the relevant values for you, so there's no need to edit the

> in users:
> DEFAULT         Domain == "VLS", Autz-Type := VLS

  There is no "Domain" attribute.  You mean "Realm".

> When I attempt to authenticate, regardless of whether I specify a realm 
> or not, it only checks the vuldap servers.      Any suggestions would be 
> greatly appreciated!

  If you run the server in debugging mode, you will see that your
current configuration does *not* match the entry in the "users" file
that you have.  Make the changes I suggest, and it should work.

  Alan DeKok.
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog

More information about the Freeradius-Users mailing list