Dave Mussulman <[EMAIL PROTECTED]> wrote:
> Thanks for the pointer. Knock on wood, I think I have things working.
> This project is really amazing, and it's gotten really easy to set up
> EAP. That's a big credit to its maintainers.

Thanks. I'm not sure everyone would agree on ease of use, but...

> There's one more feature I'd like to configure before going into
> production. I'd like to authenticate locally (off the users file, and
> in production a mysql database), and if that fails (user missing, etc.)
> fall back on the mschap/ntlm_auth scheme. What's the best way to set
> that up?

You don't, because the server doesn't authenticate off of the users
file, or MySQL database. It finds users there, but it doesn't do
authentication.

> Do I need the failover configurations, or special instructions
> in the users file, or special ordering in the authorize/authenticate
> section? The EAP tunneling has me confused where it gets its order
> from.

You can set up the "authorize" section with configurable failover
(doc/configurable_failover), to say:

    try "users"
    try "mysql"
    if not found, do something else...

Once the "authorize" section has determined which authentication
type to try for a user, it doesn't matter if the password is in
"users", "sql", or an NT domain.

Alan DeKok.
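
The split described in the reply above, as a simplified Python model added here for illustration; it is not FreeRADIUS code or configuration and not part of the original message. The module functions, the `Local` and `NT-Domain` labels, the sample users and the `domain_check` callback are all assumptions of the model.

```python
# Simplified model of "authorize finds the user, authenticate checks the
# password". Not FreeRADIUS source; all names and sample data are constructed.
import hmac
from typing import Callable, Optional

OK, NOTFOUND = "ok", "notfound"

# Constructed credential stores standing in for the "users" file and MySQL.
USERS_FILE = {"alice": "alice-secret"}
MYSQL_ROWS = {"bob": "bob-secret"}

def lookup(store: dict) -> Callable[[dict], str]:
    """Build an authorize module: find the user and attach the known password."""
    def module(request: dict) -> str:
        known = store.get(request["user"])
        if known is None:
            return NOTFOUND              # lets the next module be tried
        request["known_password"] = known
        request["auth_type"] = "Local"
        return OK
    return module

def nt_domain_fallback(request: dict) -> str:
    """Reached only when no local store knows the user."""
    request["auth_type"] = "NT-Domain"
    return OK

def authorize(request: dict, modules: list) -> Optional[str]:
    """Failover on 'notfound' only: stop at the first module that returns ok."""
    for module in modules:
        if module(request) == OK:
            return request["auth_type"]
    return None

def authenticate(request: dict, domain_check: Callable[[str, str], bool]) -> bool:
    """Selected by the authentication type alone, not by where the user was found."""
    if request.get("auth_type") == "Local":
        return hmac.compare_digest(request["password"].encode(),
                                   request["known_password"].encode())
    if request.get("auth_type") == "NT-Domain":
        return domain_check(request["user"], request["password"])
    return False

def handle(user: str, password: str, domain_check: Callable[[str, str], bool]):
    """Run both phases and report (authentication type, accepted?)."""
    request = {"user": user, "password": password}
    authorize(request, [lookup(USERS_FILE), lookup(MYSQL_ROWS), nt_domain_fallback])
    return request.get("auth_type"), authenticate(request, domain_check)
```

In this model a user found locally who supplies a wrong password is rejected rather than retried against the domain, because failover happens only on "not found" during the authorize phase.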