Check local before LDAP Authentication
Jorge Pereira
jpereira at freeradius.org
Fri May 28 15:29:21 CEST 2021
Hi Matteo,
First of all, its hard to help you without the debug logs, please https://wiki.freeradius.org/guide/radiusd-X <https://wiki.freeradius.org/guide/radiusd-X>
Other than that, please take a look at https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO <https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO> if you’re looking for AD or just take a look at /etc/raddb/mods-available/ldap. Then, back to us with some debug output.
—
Jorge Pereira
jpereira at freeradius.org
> On 28 May 2021, at 08:52, Matteo Raffa <matteo.raf at gmail.com> wrote:
>
> I’ve found some old posts about this on the mailing list, but all of those were 10+ years old and using v1 or v2.
>
> Further to that, I am using LDAP for authentication (Google doesn’t send passwords).
>
> So, in my authorize {} I have set this before pap to set the proper auth method:
>
> if (User-Password) {
> update control {
> Auth-Type := ldap
> }
> }
>
> Now I believe that I should just need to add another condition to check for files module returning notfound code, so that it only sets ldap in case the user is not found in files, otherwise it will just go on to pap.
>
> Something like
> if (User-Password && files == notfound) {...}
>
> But I can’t find the correct way to do this check. What is the attribute name corresponding to “files module return code” that I should check?
>
> I checked man unlang for that, but it only says that I can check for a module return code just after its execution.
> It doesn’t tell anything about a variable storing each module’s return code.
>
>
>
> Thanks!
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list