LDAP auth in two sources
tnt at kalik.net
Fri Nov 27 15:57:44 CET 2009
> On Thu, 26 Nov 2009 18:21:29 -0000 (UTC)
> tnt at kalik.net wrote:
>
>> > As I don't have any other auth rather than LDAP, it is done
>> > automatically. I hope so. ;-)
>>
>> Enable files (and comment out ldap entries) and put:
>>
>> DEFAULT Auth-Type := tam
>>
>> at the top of the users file. That's a much cheaper way.
>
> Hm... I think I don't understand you. What to disable in
> what section? authorize or authenticate?

Remove tam and lotus from the authorize section of the default virtual server -
you are not authorizing anything, just doing authentication. Instead, just
put that line at the top of the users file and enable files in authorize.

>> Check base_dn. You say it is different but server debug
>> would disagree.
>>
>
> But they are.
>
> ldap tam {
>     server = "skoll-vm1.kmz.ts"
>     basedn = "o=tamknown"
>     filter = "(uid=%{User-Name})"
>     authtype = tam
>     start_tls = no
>     dictionary_mapping = ${raddbdir}/ldap.attrmap
>     ldap_connections_number = 5
>     timeout = 4
>     timelimit = 3
>     net_timeout = 1
>     compare_check_items = no
>     do_xlat = no
>     access_attr_used_for_allow = no
>     set_auth_type = yes
> }
> ldap lotus {
>     server = "ldap.kmz.ts"
>     basedn = "o=tsas"
>     filter = "(uid=%{User-Name})"
>     authtype = lotus
>     start_tls = no
>     dictionary_mapping = ${raddbdir}/ldap.attrmap
>     ldap_connections_number = 5
>     timeout = 4
>     timelimit = 3
>     net_timeout = 1
>     compare_check_items = no
>     do_xlat = no
>     access_attr_used_for_allow = no
>     set_auth_type = yes
> }

Post the debug of server startup (the part before requests can be processed).

Ivan Kalik