Allowing Access via 'users' when LDAP fails
Alan DeKok
aland at deployingradius.com
Thu Jan 28 08:00:47 CET 2010
Amaru Netapshaak wrote:
> Right now, if a user isn't found in the LDAP database, a reject is
> returned to the switch and the port goes offline. What I'd rather
> have is RADIUS reply with a standard response (if the LDAP auth
> fails).
See doc/configurable_failover for over-riding return codes.
> I tried to do this in the users file, by moving 'files' to below
> 'ldap' in sites-enabled/default and then creating a DEFAULT entry in
> users that returned the VLAN information I wanted, but then it didn't
> include other relevant info that the switch needs.
That won't work.
What you want is:
    ldap
    if (notfound) {
        update reply {
            ... insert attributes here...
        }
    }
You don't need the "users" file.
Alan DeKok.
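
The policy from the reply above with its placeholder filled in, as an added example that is not part of the original message. It assumes the block sits in the authorize section of sites-enabled/default and that the switch takes its VLAN from the standard Tunnel-* attributes; the VLAN ID "99" is a constructed value.

```text
# Added example; assumed to sit in the authorize section of sites-enabled/default.
ldap
if (notfound) {
    # The ldap module returned notfound: the user is not in the directory.
    # Send the fallback VLAN assignment to the switch.
    update reply {
        Tunnel-Type := VLAN
        Tunnel-Medium-Type := IEEE-802
        # "99" is a constructed VLAN ID; use the ID of the fallback VLAN.
        Tunnel-Private-Group-Id := "99"
    }
}
```

Every identity absent from LDAP receives these attributes, so the fallback VLAN is normally a restricted or guest segment rather than a production one.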