Justin Steward wrote: > I want to return some radius reply attributes from an SQL database, > check the user's password against an openLDAP server
As I said... LDAP isn't an authentication protocol. > (maybe a Windows > Server running AD at some point in the future), and if possible fall > back against a password stored in a MySQL database. (Though this > password may not always be entirely up to date, so it's only for if the > user either doesn't exist in the directory or the LDAP server is > temporarily unavailable) Why not let FreeRADIUS do authentication, as I suggested? Have the LDAP module pull the password from LDAP. Then, do MySQL. authorize { ... ldap if (notfound | fail) { sql } ... } That does *exactly* what you suggested above. But the last time I suggested that solution, you said you *also* wanted to get reply attributes from MySQL... apparently, even for the users that were found in LDAP. So which is it? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html