> Guillaume Chartrand wrote:
>> I use freeradius 2.0.0 on Red Hat Enterprise 3 AS and I set the authorize section to check the user credentials with an sql database. This configuration works.
>> But I want to know if it's possible, and how to do it: if the user isn't in the sql database, can freeradius check another database, like an ldap database? So when the user is in the sql database he gains access; if not, it looks in an ldap database, and if he is present with valid credentials, he gains access.
>
> Yes.
> ...
> sql
> if (notfound) {
>     ldap
> }
> See "man unlang".
> Alan DeKok.

I wrote the if in my authorize section. Here is some of my config in site-enabled/default:

    authorize {
        preprocess
        chap
        mschap
        unix
        suffix
        sql
        if (notfound) {
            ntlm_auth
        }
        eap
        expiration
        logintime
        pap
    }

    authenticate {
        ntlm_auth
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        unix
        eap
    }

And here is my radiusd.conf:

    modules {
        exec ntlm_auth {
            wait = no
            program = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{mschap:NT-Domain:-intranet} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
        }
        $INCLUDE eap.conf
        mschap {
            with_ntdomain_hack = yes
            ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{mschap:NT-Domain:-intranet} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
        }
    }

If I comment in the mschap module the ntlm_auth and the user is present in sql, he's accepted. If he's not in sql but in my Active Directory database, he's rejected.

If I comment out the ntlm_auth line, my sql user is rejected but my AD user was accepted.

So where am I wrong? I want to use both authorize databases.

Thanks