authenticating multiple modules?

tnt at kalik.co.yu tnt at kalik.co.yu
Tue Mar 13 01:21:24 CET 2007 

Hi Tim,

No "others" so I'll try.

I assume that it should work like this:

DEFAULT   Auth-Type := System
                 Fall-Through = Yes

DEFAULT   Auth-Type := LDAP

I think that users will be checked against the system first and if not
found against LDAP. Take this with a pinch of salt - I never used users
file, System or LDAP, only MySQL.

Ivan Kalik
Kalik Informatika ISP


Dana 12/3/2007, "Tim Tyler" <tyler at beloit.edu> piše:

>Ivan, or others,
>   Ok, I can't seem to find documentation on 
>this.  If I don't use the users file, I presume I 
>should create the groups in the radiusd.conf 
>file.  How does one create a group for Students 
>and Staff (syntax)?  Can I assign Auth-Type = 
>System for Staff and Auth-Type = LDAP for Staff 
>and have a request against both groups?  Note, 
>there is no way ahead of time to distinguish 
>between a user that is staff or student.  So I 
>need the solution to first check the system file and then check against ldap.
>   Is there an example configuration somewhere I 
>can follow that authenticates against a system file and ldap?
>
>Tim
>
>
>At 06:32 PM 3/9/2007, you wrote:
>>Don't put Auth-Type in users file. Make groups Students nad Staff,
>>assign users to them and put the Auth-Type you want for that group as
>>group check item.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>
>>Dana 9/3/2007, "Tim Tyler" <tyler at beloit.edu> piše:
>>
>> >Freeradius experts,
>> >    I want to use one freeradius server to authenticate against a
>> >system file for students and against ldap for faculty/staff.  I can
>> >get the system file to work alone.  I can get the ldap module to work
>> >alone.  But I can't seem to find a way to get both of them to work
>> >together.  If I set DEFAULT Auth-Type = System in the users file, it
>> >authenticates the system files.  If I set it to ldap, it
>> >authenticates to ldap.  If I put both in the users file, it
>> >authenticates ldap users only.  How do I allow both unix and ldap
>> >modules to authenticate their respective users?   Note: users are
>> >unique to each module.  A user in unix does 
>> not exist in ldap and vice versa.
>> >
>> >
>> >
>> >Tim Tyler
>> >Network Engineer - Beloit College
>> >tyler at beloit.edu
>> >
>> >
>> >-
>> >List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>> >
>> >
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>Tim Tyler
>Network Engineer - Beloit College
>tyler at beloit.edu 
>
>
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

More information about the Freeradius-Users mailing list