Benedikt Panzer <[EMAIL PROTECTED]> wrote:
> Ok, I assume that a requests isn't proxyed if its Auth-Type is set to
> ldap. To prevent this, I could delete the first line and just write:
>
> /DEFAULT Proxy-To-Realm := "students"/
>
> Then the ldap module is still queried
For the *authorize* section, not for *authentication*.
> /DEFAULT Auth-Type != LDAP, Proxy-To-Realm := "students"/
You're still confusing authorize with authenticate.
You can use doc/configurable_failover to say "authorize via ldap,
and if it returns notfound, then use files"
authorize {
...
group {
ldap {
ok = return
notfound = 1
}
files
}
...
}
> I'm still not sure whether Fall-Through could help in this situation.
No. Fall-Through is ONLY for the "users" file.
> By searching the mailing list I found a hint about failover
> configuration and spend almost a day with reading and trying this. But
> now I think that doesn't help to reach my aim. Or does it? (Nevertheless
> I was really impressed by the power and flexibility of the authorize and
> authenticate sections in radius.conf. That's really great - if you need
> it ;-)
Many people do, which is why it's there.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
