LDAP with fallback on local authentication?
Justin Steward
althalus87 at gmail.com
Tue Apr 14 01:40:43 CEST 2009
On Mon, Apr 13, 2009 at 4:48 AM, Ivan Kalik <tnt at kalik.net> wrote:
> > You've mentioned a few times that LDAP is not meant for
> authentication, however the default config that ships with FreeRADIUS has
> LDAP in
> > the authentication section. Could you clear that up a little for me
> please? (or point me to somewhere it's been cleared up before?)
>
> Don't force Auth-Type Ldap.
>
> But you will have to use two sql instances - one to store reply info and
> one to store backup passwords. You can't store passwords in sql (used for
> reply attributes) and ldap as well.
> authorize {
> ...
> sql_reply
> ldap
> if (notfound | fail) {
> sql_bkp_pass
> }
> ...
> }
>
>
Works perfectly. Exactly what I was after. Thanks Ivan.
Regards,
Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090414/426f37a6/attachment.html>
More information about the Freeradius-Users
mailing list