MAC authorisation (but not authentication) via LDAP

Markus Krause krause at
Sun Feb 25 02:34:46 CET 2007

Zitat von Martin Whinnery <martin.whinnery at>:
> Thanks Markus,
> the problem seems to be that the authorisation pass returns "notfound",
> whereas I want it to "reject", as if it found an entry in LDAP without
> the appropriate attribute.
> Mart

Hi Mart,

ugh, you are of course right, i forgot on important detail, sorry!  
(has been quite a time since i set this up and it is getting quite  
late in the night now ...)
directly after the ldap entry in authorize a call a small perl script  
which checks for "$RAD_REQUEST{'Module-Failure-Message'}", and if it  
is set then return with "RLM_MODULE_REJECT", so 'notfound' is replaced  
by 'reject'.

i must admit that this actually is a very dirty solution ... i should  
really overthink it (altough it works ...)


| Markus Krause, Mogli-Soft                                       |
| Support for Mac OS X, Webmail/Horde, LDAP, RADIUS               |
| by order of the                                                 |
|    Computing Center of the Max-Planck-Institute of Biochemistry |
| E-Mail: krause at  |  Tel.: 089 - 89 40 85 99       |
|         markus.krause at  |  Fax.: 089 - 89 40 85 98       |
|  Skype: markus.krause          | iChat: markus.krause at   |

      This message was sent using
If you encounter any problems please report to rz-linux at

More information about the Freeradius-Users mailing list