ldap { fail=1}
Alan DeKok
aland at deployingradius.com
Wed Jan 10 15:34:48 CET 2007
jerrrry at voila.fr wrote:
>
> i'm using freeradius 1.0.1 from Red Hat entreprise 4.
You SHOULD upgrade:
http://freeradius.org/security.html
> I want the radius server to authenticate users thanks to the "users"
> file even if the ldap directory is not reachable and the radius server
> to start even if the DB is not reachable
That's probably the way the server should work. Those issues probably
weren't though of when the server was written, as the SQL module works
the same way.
> I tried with ldap { fail =1} in the authorize section and sql { fail
> = 1 } in the instantiate section without any success.
>
> "fail" doen't seem to be know.
No, it doesn't work in the "instantiate" section. It could, though.
It's a good idea, and one I hadn't thought of.
An alternative would be to update the LDAP module to NOT bind at
startup, and do it only when a request came in. That would help, too.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list