LDAP with fallback on local authentication?

Ivan Kalik tnt at kalik.net
Thu Apr 9 08:45:22 CEST 2009


 > I'm sure these are questions that have been asked a thousand times, but
can't for the life of me find the answers I'm looking for.

 > My first problem is this: I want to store reply attributes for my users
in a MySQL database, however I want them to authenticate against an LDAP
server. No problem, I sort of have this   working.   > Except the reply
attributes get sent even on an Access-Reject packet. This seems undesirable
to me.
 
Have you done something to attribute filter in Post-Auth-Type REJECT?
 
 > My second problem is this: The LDAP server isn't necessarily in the same
building as the radius server. I want users to be able to fall back on
locally stored passwords in the MySQL database should   > the LDAP server be
down for some reason. I'd thought that setting Fall-Through=yes and having a
DEFAULT Auth-Type = local would have done this, but no dice. Any
suggestions?
 
man unlang - redundant.
 
Ivan Kalik
Kalik Informatika ISP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090409/f0a35610/attachment.html>


More information about the Freeradius-Users mailing list