Dave Mussulman <[EMAIL PROTECTED]> wrote: > Thanks for the pointer. Knock on wood, I think I have things working. > This project is really amazing, and it's gotten really easy to setup > EAP. That's a big credit to its maintainers.
Thanks. I'm not sure everyone would agree on ease of use, but... > There's one more feature I'd like to configure before going into > production. I'd like to authenticate locally (off the users file, and > in production a mysql database,) and if that fails (user missing, etc.) > fall back on the mschap/ntlm_auth scheme. What's the best way to set > that up? You don't, because the server doesn't authenticate off of the users file, or MySQL database. It finds users there, but it doesn't do authentication. > Do I need the failover configurations, or special instructions > in the users file, or special ordering in the authorize/authenticate > section? The EAP tunneling has me confused where it gets its order > from. You can set up the "authorize" section with configurable failover (doc/configurable_failover), to say: try "users" try "mysql" if not found, do something else... Once the "authorize" section has determined which authentication type to try for a user, it doesn't matter if the password is in "users", "sql", or an NT domain. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html