sql authorization but using LDAP for authentication?

Coy Hile coy.hile at coyhile.com
Sat Jan 8 03:00:29 CET 2022



> On Jan 7, 2022, at 6:51 PM, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On Jan 7, 2022, at 4:02 PM, Coy Hile <coy.hile at coyhile.com> wrote:
>> My question is that since there’s a username set from the LDAP module, but NOT one found in the SQL module, the sql module never checks the `radreply` table.
> 
>  Yes... the documentation says that's how the SQL module works.  If the user is found in "radcheck", then the corresponding "radreply" items are used.  If the user isn't found in "radcheck", then no "radreply" items are used.
> 
>> Is there some configuration that I need to tweak to make the server check `radreply` table even there’s no user returned from the rad check table?
> 
>  No.
> 
>  Why not just create a "radcheck" item for the user?  It doesn't have to be anything specific.  Just checking if the User-Name matches the user would work.
> 

Brilliant! A check that holds vacuously worked like a charm. I appreciate your help.

--
Coy Hile
coy.hile at coyhile.com




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20220107/597a608c/attachment.sig>


More information about the Freeradius-Users mailing list