authenticating multiple modules?

Tim Tyler tyler at beloit.edu
Tue Mar 13 17:21:46 CET 2007 

Ivan,
   No unfortunately it doesn't work that way, 
though I wish it did because that would be 
easy.  I can't get system to authenticate with 
that config which works fine if I comment out the ldap line.
   Alan Dekok mentioned this:
" pull the password from LDAP, and let the server decide how
the user should be authenticated.

   You could also set Auth-Type *conditionally*, if the user was in one
group or another."

However, I am not able to find examples of how to 
get his suggestions to work yet.  I saw someone 
else trying to set up groups in the huntgroup so 
maybe I should investigate that route more.  But 
I don't have particular nas's to group by so I am 
not sure how to group things.  When a request 
comes in from different sources, its random as to 
whether it will be a staff or student.  I just 
need the solution to query both the system and ldap for authentication.

Tim

t 07:21 PM 3/12/2007, you wrote:
>Hi Tim,
>
>No "others" so I'll try.
>
>I assume that it should work like this:
>
>DEFAULT   Auth-Type := System
>                  Fall-Through = Yes
>
>DEFAULT   Auth-Type := LDAP
>
>I think that users will be checked against the system first and if not
>found against LDAP. Take this with a pinch of salt - I never used users
>file, System or LDAP, only MySQL.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>Dana 12/3/2007, "Tim Tyler" <tyler at beloit.edu> pi¹e:
>
> >Ivan, or others,
> >   Ok, I can't seem to find documentation on
> >this.  If I don't use the users file, I presume I
> >should create the groups in the radiusd.conf
> >file.  How does one create a group for Students
> >and Staff (syntax)?  Can I assign Auth-Type =
> >System for Staff and Auth-Type = LDAP for Staff
> >and have a request against both groups?  Note,
> >there is no way ahead of time to distinguish
> >between a user that is staff or student.  So I
> >need the solution to first check the system 
> file and then check against ldap.
> >   Is there an example configuration somewhere I
> >can follow that authenticates against a system file and ldap?
> >
> >Tim
> >
> >
> >At 06:32 PM 3/9/2007, you wrote:
> >>Don't put Auth-Type in users file. Make groups Students nad Staff,
> >>assign users to them and put the Auth-Type you want for that group as
> >>group check item.
> >>
> >>Ivan Kalik
> >>Kalik Informatika ISP
> >>
> >>
> >>Dana 9/3/2007, "Tim Tyler" <tyler at beloit.edu> pi¹e:
> >>
> >> >Freeradius experts,
> >> >    I want to use one freeradius server to authenticate against a
> >> >system file for students and against ldap for faculty/staff.  I can
> >> >get the system file to work alone.  I can get the ldap module to work
> >> >alone.  But I can't seem to find a way to get both of them to work
> >> >together.  If I set DEFAULT Auth-Type = System in the users file, it
> >> >authenticates the system files.  If I set it to ldap, it
> >> >authenticates to ldap.  If I put both in the users file, it
> >> >authenticates ldap users only.  How do I allow both unix and ldap
> >> >modules to authenticate their respective users?   Note: users are
> >> >unique to each module.  A user in unix does
> >> not exist in ldap and vice versa.
> >> >
> >> >
> >> >
> >> >Tim Tyler
> >> >Network Engineer - Beloit College
> >> >tyler at beloit.edu
> >> >
> >> >
> >> >-
> >> >List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >> >
> >> >
> >>
> >>-
> >>List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> >
> >Tim Tyler
> >Network Engineer - Beloit College
> >tyler at beloit.edu
> >
> >
> >
> >-
> >List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> >
> >
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Tim Tyler
Network Engineer - Beloit College
tyler at beloit.edu

More information about the Freeradius-Users mailing list