On Tue, 2004-05-25 at 17:05, Barry Stewart wrote:
> It's not even trying to connect to the LDAP server. Is this something I
> have to configure in the users file? I stopped telling the server to
> authenticate via LDAP and now ethereal confirms it doesn't query the
> server for anything. The LDAP info is in the radiusd.conf file. What
> is supposed to trigger the LDAP query? You said not to try telling the
> server to use any Auth-Type. I've tried commenting all of this out of
> the Authenticate section and I've tried the default configuration. If
> this needs to be done in the users file per user or with a catch all I'm
> not finding any examples. Sorry to be a pain but I must be overlooking
> a fundamental config option or I'm not even looking in the right direction.

Just a guess, but you probably want to have LDAP in the Authorize section.

You never want to Authenticate to LDAP, MySQL or anything else like that. Being able to do so means these users can log in *directly to the LDAP/MySQL/etc service*. That would be bad.

You want to tell FreeRADIUS to use LDAP to Authorize these users (i.e., go get their username/password info from LDAP) and then FreeRADIUS will handle the Authentication properly once it has Authorized them.

I think the confirmation email to subscribe to this list should include a requirement to understand the difference between Authenticate and Authorize.

-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com