On Tue, 15 Jun 2004, Michael Check wrote:
> This was the first try in thinking that the Authentication would cascade
> through the servers. I had set up diff groups in testing, but couldn't get
> freeRADIUS to come up with the correct Auth-Type (like you suggest below).
>
> >> How can we get freeRADIUS to know that we're authenticating off the _second_
> >> LDAP server?
> >
> > Put the ldap modules into different authtype groups: LDAP1 and
> > LDAP2, and then set Auth-Type to one of LDAP1 or LDAP2.
>
> OK. I can place them in diff groups as I show below, but how (and where) do
> I set the correct Auth-Type?
Is there something in the radius packet that would tell you which domain
they are from? Username or NAS-IP? If so, then you can put that in the
users file and use huntgroups.
in huntgroups.
somedomain NAS-IP-Address == 1.1.1.1
otherdomain NAS-IP-Address == 2.2.2.2
in users
DEFAULT Huntgroup-Name == somedomain, Autz-Type := LDAP1, Auth-Type :=
LDAP1
Fall-Through = no
DEFAULT Huntgroup-Name == otherdomain, Autz-Type := LDAP2, Auth-Type :=
LDAP2
Fall-Through = no
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
