Florian Prester <[EMAIL PROTECTED]> wrote: > authorize: If I place the "users"-word before anything else, the > authorization should take place by the users-file, which means if an > user exists in the users-file it is authoized? correct?
It means that the "users" file is processed before anything else. You don't need to move it, though. The default configuration works. > authenticate: If the password matches cleartext/crypt the users is > authenticated? correct? Yes. > 2.) If I try to uses PEAP and LDAP I need cleartext-passwords!? correct? Or NT-Password. > If I add "ldap" after the "users"-wordin the authorize-section ldap > should only be used, if the user cannot be found in the users-file? No. See doc/configurable_failover > If I add password_attribute = "sn" thr user is authenticated, if > the password-hash-challenge is matching the sn-hash-challenge, meaning > the sn-attribute is taken as password? correct? Yes. > 3.) What means the Groupe-authenticate/authorize if I am using ldap? I'm not sure what you mean by that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html