question on users file

John Dennis jdennis at redhat.com
Thu Mar 25 18:36:13 CET 2010


On 03/25/2010 12:31 PM, Jeffrey Wang wrote:
> I am using freeradius server against my ldap server for regular user
> access and eap. I need the wireless user treated differently. So I
> created a entry in users file and would like to set user-password for
> these users in encrypted form. For the users that are not in ldap, they
> worked fine. However, the users are in the ldap, had been updated with
> cleartext-password and radius ignores my user-password and uses
> cleartext-password from ldap.
>
> Can I delete the configuration items (cleartext-password) I set in
> previous process, such as ldap or password file?

We have no clue what you did in a previous process nor what version of 
FreeRADIUS you're using.

You could do one of several things:

Move the users file processing above the ldap in the authorize section 
your config file so the user in found in the users file first.

Put those special users in an ldap group and do not return authorize 
information if they are members of that group.

Remove the password attribute for those users from your ldap directory, 
rlm_ldap can't return what it can't find.

-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



More information about the Freeradius-Users mailing list