Authentication type (ldap, users, etc) per client or user?

Alan DeKok aland at deployingradius.com
Thu Jan 3 22:45:04 CET 2008


falz wrote:
> Radius Client A uses rlm_ldap, Radius Client B uses 'files' for the
> livingston-style 'users' file. What I have now is Client A works fine
> with LDAP, but it seems to be a default across the system. Client B
> always talks to LDAP, it doesn't seem to read from the user's file.

  If you want to use one OR the other, try the following:

authorize {
	...
	group {
		files {
			ok = return
		}
		ldap
	}
	...
}

  i.e. if an entry is found in the "users" file, then don't do LDAP.  If
no entry is found in the "users" file, do LDAP.

  Of course, in 2.0, you could just have a virtual server for client A,
and a different virtual server for client B.

> But when one authenticates, it chooses ldap only:

  Because that's what you've configured it to do.  In this case, the
debug output shows that it's not calling the "files" module.  So you've
edited the default configuration so that the "files" module isn't
called... and yet you say you want it to call the "files" module.

> It is logical that it does this, as I have nothing in my config about
> this client using 'files'/'users', because I do not know what to put
> in.

  What's wrong with the default configuration file that ships with the
server?

> I posted the original link, and also found this, which is related:
> 
> http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg40372.html
> 
> However, in all cases that I find, users are trying to authenticate
> with multiple same-type backends. Original link user is authenticating
> off of different LDAP servers, this case they're authenticating off of
> multiple SQL servers. I want 1 LDAP and one 'files'.

  You can copy & paste an example that doesn't apply to what you want to
do, or you can understand how the server works.  In this case, reading
the files in the "doc" directory would help.  They explain *how* those
examples are configured, and *why* they work.

  Alan DeKok.
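
The virtual-server approach mentioned in the reply, sketched as an added example for FreeRADIUS 2.x (not configuration from the thread or from the project). The client names, addresses, secrets and virtual server names are placeholders, and it assumes PAP requests with Cleartext-Password entries in the "users" file:

```conf
# Constructed example; every name, address and secret is a placeholder.

# clients.conf: bind each NAS to its own virtual server
client client_a {
	ipaddr = 192.0.2.10
	secret = CHANGE_ME_A
	virtual_server = ldap_only
}

client client_b {
	ipaddr = 192.0.2.20
	secret = CHANGE_ME_B
	virtual_server = files_only
}

# sites-enabled/ldap_only: requests from client_a only ever reach LDAP
server ldap_only {
	authorize {
		ldap
	}
	authenticate {
		Auth-Type LDAP {
			ldap
		}
	}
}

# sites-enabled/files_only: requests from client_b only ever reach "users"
server files_only {
	authorize {
		files
		pap
	}
	authenticate {
		Auth-Type PAP {
			pap
		}
	}
}
```

Unlike the "group" fallback shown in the reply, a user missing from the "users" file is rejected for client_b rather than being looked up in LDAP.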


