Benedikt Panzer <[EMAIL PROTECTED]> wrote: > Ok, I assume that a requests isn't proxyed if its Auth-Type is set to > ldap. To prevent this, I could delete the first line and just write: > > /DEFAULT Proxy-To-Realm := "students"/ > > Then the ldap module is still queried
For the *authorize* section, not for *authentication*. > /DEFAULT Auth-Type != LDAP, Proxy-To-Realm := "students"/ You're still confusing authorize with authenticate. You can use doc/configurable_failover to say "authorize via ldap, and if it returns notfound, then use files" authorize { ... group { ldap { ok = return notfound = 1 } files } ... } > I'm still not sure whether Fall-Through could help in this situation. No. Fall-Through is ONLY for the "users" file. > By searching the mailing list I found a hint about failover > configuration and spend almost a day with reading and trying this. But > now I think that doesn't help to reach my aim. Or does it? (Nevertheless > I was really impressed by the power and flexibility of the authorize and > authenticate sections in radius.conf. That's really great - if you need > it ;-) Many people do, which is why it's there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html