hi,

No, if I write authtype, radiusd shows the following error message:

radiusd.conf[1168] Subsection of module instance call not allowed 

If I write autztype, radiusd starts.

Regards

chris

>>> [EMAIL PROTECTED] 18.04.2005 14:02:05 >>>
Hi,

Isn't this a typo??

autztype LDAP { 

should be AUTHTYPE???

Regards,

Edvin 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of freeradius
Sent: Monday, 18 April 2005 13:34
To: freeradius-users@lists.freeradius.org 
Subject: Two LDAP-Servers

Hello,

I tried to implement freeradius 0.8 with two LDAP servers for authentication.
I want freeradius to check the one LDAP server first; if the user is not found, the
other server should be asked.

But the second server will only be used by the radius-server, if the first 
server is unreachable. If user is not found in server ldap1 freeradius says:

rlm_ldap: object not found or got ambiguous search result
ldap_release_conn: Release Id: 0
  modcall[authenticate]: module "ldap1" returns notfound
modcall: group authtype returns notfound
auth: Failed to validate the user.


Can anyone help me?

Best regards

chris



_____________________________________________


ldapconfig in "radiusd.conf":
        ldap    ldap1 {
                server = "sldap1.mydomain.de"
                identity = "cn=user,o=level1"
                password = ""
                basedn = "o=level1"
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                start_tls = no
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                password_attribute = userPassword
                timeout = 4
                timelimit = 3
                net_timeout = 1
                notfound = 1
        }


ldapconfig in radiusd.conf:
        ldap    ldap2 {
                server = "sldap2.mydomain.de"
                identity = "cn=user,o=level1"
                password = ""
                basedn = "o=level2"
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                start_tls = no
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                password_attribute = userPassword
                timeout = 4
                timelimit = 3
                net_timeout = 1
                notfound = 1
        }


authorize {
        preprocess
        chap
        mschap
        suffix
        files
        autztype LDAP {
                redundant {
                        ldap1
                        ldap2
                        notfound = 1
                }
        }
}



authenticate {
        authtype PAP {
                pap
        }
        authtype CHAP {
                chap
        }
        authtype MS-CHAP {
                mschap
        }
        unix

        authtype LDAP {
                ldap1
                ldap2
        }
}
preacct {
        preprocess
        suffix
        files
}


file "user" contains:
DEFAULT Auth-Type := LDAP
        Fall-Through = 1

DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Service-Type = Framed-User,
        Fall-Through = Yes
DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html