Alan DeKok wrote: > If you want only one or the other, you'll have to set the > configurable fail-over sections of the module. See the 'doc' > directory for more information.
I'm sorry - must have overlooked that documentation file. It took me a couple of times of reading but finally I understood enough to make my imagination become configuration file lines. For everybody who wishes to do the same as I (which is authenticating a user both by MySQL and the users file) then this is for you: authorize { preprocess suffix group { files { notfound = 1 noop = 2 ok = return updated = 4 fail = return reject = return userlock = return invalid = return handled = return } sql { notfound = 1 noop = 2 ok = return updated = 4 fail = return reject = return userlock = return invalid = return handled = return } } } I'm not quite sure what "noop" or "fail" or "userlock" is as it was not commented properly in the modules for MySQL and users authentication either. But "ok" stands for Access-Accept and "reject" is for Access-Reject. So as I want to process the sources (MySQL and users) until any of them has decided on an accept or reject response, this one does it. I first mixed it with "redundant". Using that directive FreeRADIUS assumes to have really redundant data (the "same" data) in all sources. But that's not what I wanted to do. Maybe "append" does it but it's not documented. So I have to stick to this. > Yes. They over-write the ones set by the 'users' file. So FreeRADIUS by default collects all attributes from the sources to form a reply? Interesting. > How do you know that the attributes are from MySQL, and not from the > 'users' file? During my tests I set a reponse item Reply-Message to "This is MySQL" and "This is the users file" to find out which one matched. > We also need to apply the patch to the SQL module, which allows the > use of operators in the SQL configuration. I have a patch sitting > around, but it's old, and won't apply to the current version. What does that curious patch do? Thank you for your reply. Awkward enough to find that in the docs. At least it works now and I understand much more than I ever wanted. ;) Christoph - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html