kevin J <[EMAIL PROTECTED]> wrote:
> 1) ldapsearch for a-table
> 1-1) if the user exists in a-table, do pap or chap
> 2) if any of above fails, ldapsearch for b-table
> 2-1) if the user exists in b-table, do chap or pap
> 3) if any of above fails, ldapsearch for c-table
> 3-1) if the user exists in c-table, do chap or pap

I'm not sure why you have "do chap or pap" for every line. If they're all the same that way, you don't need it.

And the "authenticate" section is different from the "authorize" section, so you definitely can not put the two together.

The server does not support a model of "try to authenticate the user, and if they fail, re-run the user through the authorize section". That's not only hard to do, it's very problematic.

I suggest doing:

- if user is not found in a-table, try b-table,
- if not found in b-table, try c-table
- use whatever credentials were found to do an appropriate authentication

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
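
The flow suggested in the reply above, modelled in Python as an added illustration (not code from the post or from FreeRADIUS): lookup falls through the three tables only on "not found", and PAP or CHAP is checked once against whatever password the lookup returned. The table contents, function names and request fields are constructed for this example.

```python
import hashlib
import hmac

# Constructed sample data standing in for the three LDAP "tables".
A_TABLE = {"alice": "a-secret"}
B_TABLE = {"bob": "b-secret"}
C_TABLE = {"carol": "c-secret", "alice": "shadowed"}
TABLES = [("a-table", A_TABLE), ("b-table", B_TABLE), ("c-table", C_TABLE)]


def authorize(username):
    """Lookup only: return (table_name, known_good_password) from the first
    table that has the user, or None. No credential is checked here."""
    for name, table in TABLES:
        if username in table:
            return name, table[username]
    return None


def chap_response(chap_id, password, challenge):
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password.encode() + challenge).digest()


def authenticate(request):
    """Runs once, after authorize, with whatever credentials were found.
    A failure here is final: there is no second pass through the tables."""
    found = authorize(request["user"])
    if found is None:
        return "reject: user not found"
    table, known_good = found
    if "chap_response" in request:
        # CHAP needs the stored cleartext password to recompute the digest.
        expected = chap_response(request["chap_id"], known_good, request["challenge"])
        ok = hmac.compare_digest(expected, request["chap_response"])
        method = "chap"
    else:
        ok = hmac.compare_digest(known_good.encode(), request["password"].encode())
        method = "pap"
    return f"{'accept' if ok else 'reject'}: {method} via {table}"
```

Note that "alice" exists in both a-table and c-table here: a wrong password for the a-table entry is rejected outright rather than retried against c-table, which is the behaviour the reply describes.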