On Sat, Oct 05, 2002 at 02:20:11AM +0300, Kostas Kalevras wrote:
>
> You always set Auth-Type to ldap in your users file. I would suggest something
> like this (I haven't tested it though):
>
> authenticate {
>     pam
>     ldap
> }
>
> authorize {
>     ldap
>     files
> }
>
> users file:
>
> DEFAULT Auth-Type = Pam
>
> That way if ldap finds the user it will set by default the Auth-Type to ldap
> (the module handles that). If it returns notfound then the users file will set
> Auth-Type to Pam.
>
> doc/configurable_failover is very helpful on this.
>
I have two users. One exists in LDAP, one exists on a Windoze PDC and is
accessed through PAM. With the above setup, when I log in with the LDAP
user, the authorize section returns success but the authenticate section
only tries PAM, which fails, resulting in an Access-Reject. If I log in
with the PAM user, the LDAP authorize section fails but the files
section passes, and the authenticate passes of course, resulting in an
Access-Accept.

How can I get FreeRADIUS to try PAM and then try LDAP on failure?
--
Brendon Colby
Systems Administrator
Midcontinent Communications