LDAP auth in two sources
tnt at kalik.net
tnt at kalik.net
Wed Nov 25 20:51:34 CET 2009
> radiusd: FreeRADIUS Version 1.1.3, for host
> x86_64-redhat-linux-gnu, built on Apr 25 2007 at 09:04:23
Upgrade.
http://wiki.freeradius.org/Red_Hat_FAQ#Current_Pre-built_RPM.27s_for_RHEL_5_and_CentOS_5
> I need to make an authorization of some RADIUS clients in
> LDAP by RADIUS. Clients need only to check passwords. I can
> check this in ONE LDAP server at a time without problems.
> It's work fine. But i need some different.
>
> I need to check user/password in TWO different LDAP server.
> If ANY of LDAPs tell "password is ok" RADIUS must accept
> this userid/passwd pair. Userlists in this two LDAP have
> some overlap. Most (but not all) of the users presents in
> BOTH of LDAP servers. Passwords between LDAP servers are
> different.
>
> With curent configuration i get this:
>
> if username aren't found in first LDAP lets proceed to the
> next
> if username aren't found in second LDAP lets DENY access
You probably don't need that after upgrade. Just force Auth-Type LDAP in
users file.
> if username is found in first LDAP and password is accepted
> by first LDAP lets ALLOW access.
> if username is found in first LDAP and password aren't
> accepted by first LDAP lets DENY access.
>
> RADIUS doesn't check password in the second LDAP server. I
> know why but i doesn't know how to change this behavior.
Create failover inside Auth-Type LDAP:
Auth-Type LDAP {
tam {
reject = 2
}
if(reject) {
lotus
}
}
Ivan Kalik
More information about the Freeradius-Users
mailing list