users file question
Aqdas Muneer
aqdas.muneer at gmail.com
Wed Aug 18 14:38:49 CEST 2010
Thank you, I tried that and it worked great. If you don't mind, can you tell
me please why we had to set "fail = 1"? The reason I ask is that in my
policy I have a 'notfound' statement and it works just fine, but for fail I
have to set it to 'fail = 1'. Below is the policy I have in place:

    ldap {
        fail = 1
    }
    if (fail) {
        files
    }
    elsif (notfound) {
        update reply {
            Reply-Message = "Cannot use this user account"
        }
        reject
    }

Another question I have is: can I put an unlang statement in the
post-auth-type reject to put in an update reply when the LDAP server failed
and the user was not found in the fallback files? This way the user can be
prompted to use the fallback username/password.
Thanks for all your help in this matter.
On Tue, Aug 17, 2010 at 7:23 AM, Alan DeKok <aland at deployingradius.com> wrote:
> Aqdas Muneer wrote:
> > Thank you for the quick response. The reason I created the admin account
> > was for use during LDAP outages, and you are correct that this account
> > does not exist in LDAP. What would be a better way to go about
> > accomplishing this? I want the admin account to be only available during
> > times when the ldap module returns 'fail'.
>
> Put this into the "authorize" section:
>
> authorize {
>     ...
>     ldap {
>         fail = 1
>     }
>     if (fail) {
>         do things
>     }
>     ...
> }
>
> The "do things" text should be replaced by your actual policies. i.e.
> check for "admin" account, update password, etc. See "man unlang" for
> details.
>
> Alan DeKok.
>
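
Added example, not part of the original message and not FreeRADIUS code: a simplified Python model of why 'notfound' reaches the if/elsif in the policy above without help while 'fail' needs "fail = 1". The function name run_policy and the trace strings are hypothetical, and the action table is assumed to match the stock authorize defaults (fail = return, notfound = 1, and so on).

```python
# Simplified model of how an authorize section treats module return codes.
# Added illustration only; this is not FreeRADIUS source code.

RETURN = "return"  # action: stop processing the section immediately

# Assumed stock actions for the authorize section: a priority, or RETURN.
AUTHORIZE_DEFAULTS = {
    "reject": RETURN, "fail": RETURN, "ok": 3, "handled": RETURN,
    "invalid": RETURN, "userlock": RETURN, "notfound": 1, "noop": 2,
    "updated": 4,
}


def run_policy(ldap_rcode, ldap_overrides=None, files_rcode="ok"):
    """Model the posted policy: ldap, then if (fail) / elsif (notfound).

    Returns (section_result, trace); trace lists the steps that ran.
    """
    # Overrides such as {"fail": 1} apply to the ldap call only.
    actions = dict(AUTHORIZE_DEFAULTS, **(ldap_overrides or {}))
    trace = ["ldap -> " + ldap_rcode]
    action = actions[ldap_rcode]
    if action == RETURN:
        # The section stops here, so the if/elsif is never evaluated.
        trace.append("section returns immediately")
        return ldap_rcode, trace
    result, priority = ldap_rcode, action

    if ldap_rcode == "fail":
        trace.append("if (fail) matched: files -> " + files_rcode)
        f_action = AUTHORIZE_DEFAULTS[files_rcode]
        if f_action == RETURN:
            return files_rcode, trace
        if f_action >= priority:  # equal or higher priority replaces result
            result, priority = files_rcode, f_action
    elif ldap_rcode == "notfound":
        trace.append("elsif (notfound) matched: Reply-Message set, reject")
        return "reject", trace
    return result, trace


if __name__ == "__main__":
    for args in [("fail",), ("fail", {"fail": 1}), ("notfound",)]:
        print(args, "=>", run_policy(*args))
```
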
More information about the Freeradius-Users
mailing list