Behaviour of multiple sequenced authorization modules ?

[Robert Roll]

I'm a little new to freeradius.. Hmm.. I guess I made the assumption that a user notfound would actually
imply no authorization ? That doesn't seem to be the case ?

 So, I did the following...

    authorize {

          ldap1 {
            notfound = reject 
          }

          ldap2 ( 
             notfound = reject  
          }

  }

    is this the correct way to do this ?

Thanks,

Robert

________________________________________
From: freeradius-users-bounces+robert.roll=utah.edu at lists.freeradius.org [freeradius-users-bounces+robert.roll=utah.edu at lists.freeradius.org] On Behalf Of Robert Roll [Robert.Roll at utah.edu]
Sent: Monday, March 21, 2011 4:23 PM
To: FreeRadius users mailing list
Subject: Behaviour of multiple sequenced authorization modules ?

  I would like to have multiple authorization modules invoked and then reject if
ANY do NOT authorize ?

 For instance..

   authorize {

          ldap1
          ldap2
 }

 It appears if just one returns OK, then the subsequent authentication works.
 BTW.. The subsequent authentication is actually a PEAP/MSCHAPV2... Therefore,
the ldap modules are ONLY used for authorization...

Is there somewhere that discusses the various options on how to control the behaviour
when multiple authorization modules are involved ?

Thanks,


Robert

Robert Roll
Computer Professiona
University of Utah
Robert.Roll at utah.edu
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html