Greetings,
We have an LDAP server with which we want to do authentication. I also
want to use PAM to authenticate (if the LDAP user doesn't exist, check PAM).
Here is what I have in radius.conf:

authorize {
    files
    ldap {
        notfound = return
    }
}
authenticate {
    pam
    ldap
}

In the users file:

DEFAULT Auth-Type := Pam
        Fall-Through = Yes
DEFAULT Auth-Type := ldap
        Fall-Through = Yes

I try logging in as a user that does not exist in LDAP (PAM auth).
The authorize section returns not found, of course, and the authenticate
section doesn't even try pam. The debug shows that it tries LDAP and
then fails on the login, sending back an Access-Reject.
I want it to try ldap first, then try PAM if the LDAP returns a user not
found. Is this possible?
Thanks.
--
Brendon Colby
Systems Administrator
Midcontinent Communications