FreeRADIUS, OpenLDAP password change and RSA SecurID Next-Token-Mode
Alan DeKok
aland at deployingradius.com
Mon Dec 3 19:43:38 CET 2018
On Dec 3, 2018, at 9:37 AM, michael böhm <ksk2 at gmx.net> wrote:
> with your hints I managed to get this running:
That's good.
> I get the error in freeradius -X:
>
> (2) Found Auth-Type = PAP
> (2) Found Auth-Type = Accept
> (2) ERROR: Warning: Found 2 auth-types on request for user '<user>'
>
> Can I ignore this?
Yes. If you upgrade to 3.0.17, the message will go away.
> Only one more problem is to solve:
>
> In post-auth we have a Perl-script that relies on the groups that come
> from LDAP to make user rights decisions. When we are in Next-Token-Mode
> (case 1.2) we do not query LDAP, so freeradius cannot pass the groups
> to the Perl script.
OK.
> Is there a way to tell freeradius to cache the LDAP-groups from the
> last request for case 1.1 and use them in 1.2?
You can cache LDAP groups in the session-state list. But they're only cached for a series of challenge/response packets.
Alan DeKok.
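
One way to apply the session-state suggestion above, as an added example that is not part of the original message or of the configuration shipped with FreeRADIUS. It assumes `cacheable_name = yes` is set in the `group` section of the `ldap` module so that group names appear as `&control:LDAP-Group`, that a missing `State` attribute marks the first packet (case 1.1), and that `Tmp-String-0` is free to use as the carrier attribute.

```unlang
# Fragment of a virtual server (for example sites-enabled/default).
# Added example; the attribute choice and the State test are assumptions.

authorize {
	if (!&State) {
		# Case 1.1: first packet of the exchange, LDAP is queried.
		ldap

		# Copy every group name into session-state. The list is
		# stored when the server replies with Access-Challenge and
		# restored when the client answers with the same State.
		update session-state {
			&Tmp-String-0 += &control:LDAP-Group[*]
		}
	}
	else {
		# Case 1.2: answer to a challenge (Next-Token-Mode).
		# LDAP is skipped, so rebuild the group list from the
		# values cached on the first packet.
		update control {
			&LDAP-Group += &session-state:Tmp-String-0[*]
		}
	}

	# ... remaining authorize policy (SecurID, PAP, ...) ...
}

post-auth {
	# control:LDAP-Group now holds the same values in both cases,
	# so the Perl script can make its rights decision from one place.
	perl
}
```

The cached values exist only while the challenge/response series is in progress; a fresh Access-Request without `State` goes through the LDAP branch again.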