falz wrote:
> This would technically get things working, but poses a security issue.
> I want to have clients associated with backends. The above example
> appears that it will simply give priority of one authentication source
> over the other, which isn't what I'm trying to do.

You can use Autz-Type to get what you want, but it's more complicated.

> I'll look into 2.0 if this is the only way to get this functionality.

It's not the only way, but it's *much* easier in 2.0. You just put an entry in the "client" configuration saying "virtual_server = foo", and all requests get processed through "foo".

> No, I did not remove the files section. It is called, and loaded per
> my output in the previous email.

It's not listed in the debug output you posted. So it's not being called.

> Looking through the docs, it appears that Autz-Type gives indications
> of what I am trying to do:
>
> http://www.freeradius.org/radiusd/doc/Autz-Type

Yes. It may require running two copies of the "files" module, which is more complicated.

> I will experiment with it and some syntax, and chime back in when I
> get things working for future reference for other users (and for me,
> if I neglect to document it myself :)

In 2.0:

    client a {
        ipaddr = 1.2.3.4
        ...
        virtual_server = foo
    }

    client b {
        ipaddr = 5.6.7.8
        ...
        virtual_server = bar
    }

    server foo {
        authorize {
            users
            ...
        }
        ...
    }

    server bar {
        authorize {
            ldap
            ...
        }
        ...
    }

It's more typing to set up, but it's significantly easier to understand and to maintain. It means that there are fewer possibilities for something to go wrong, too.

Alan DeKok.
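Added example, not part of the message above and not FreeRADIUS code: a small Python check that every client block in a 2.0-style configuration is pinned to a virtual_server that is actually defined, which is the client-to-backend association the thread is about. The sample configuration is constructed, and the parser is a simplification that assumes no '#' or braces inside values.

```python
import re

# Constructed sample in 2.0 style, modelled on the layout in the message above.
SAMPLE = """
client a {
    ipaddr = 1.2.3.4
    virtual_server = foo
}
client b {
    ipaddr = 5.6.7.8
    virtual_server = bar
}
client c {
    ipaddr = 9.9.9.9
}
server foo {
    authorize {
        users
    }
}
"""

HEADER = re.compile(r'^\s*(\w+)\s+(\S+)\s*\{', re.M)

def top_level_blocks(text):
    """Yield (kind, name, body) for each top-level 'kind name { ... }' block."""
    pos = 0
    while (m := HEADER.search(text, pos)):
        depth, i = 1, m.end()
        while i < len(text) and depth:       # walk to the matching close brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), m.group(2), text[m.end():i - 1]
        pos = i                              # skip nested sections entirely

def audit(text):
    """Return (client, problem) pairs for clients not pinned to a defined server."""
    text = re.sub(r'#.*', '', text)          # assumption: no '#' inside values
    clients, servers = {}, set()
    for kind, name, body in top_level_blocks(text):
        if kind == 'server':
            servers.add(name)
        elif kind == 'client':
            m = re.search(r'^\s*virtual_server\s*=\s*(\S+)', body, re.M)
            clients[name] = m.group(1) if m else None
    return [(n, 'no virtual_server set, not pinned to a backend' if vs is None
             else f'virtual_server {vs} is not defined')
            for n, vs in sorted(clients.items()) if vs not in servers]
```

Calling `audit(SAMPLE)` flags client b (its server "bar" is missing from the sample) and client c (no virtual_server entry).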