>> > With current configuration I get this:
>> >
>> > if username isn't found in first LDAP let's proceed to the next
>> > if username isn't found in second LDAP let's DENY access
>>
>> You probably don't need that after upgrade. Just force Auth-Type LDAP in
>> users file.
>
> As I don't have any other auth other than LDAP it is done
> automatically. I hope so. ;-)

Enable files (and comment out ldap entries) and put:

DEFAULT Auth-Type := tam

at the top of the users file. That's a much cheaper way.

>> Create failover inside Auth-Type LDAP:
>>
>> Auth-Type LDAP {
>>     tam {
>>         reject = 2
>>     }
>>     if(reject) {
>>         lotus
>>     }
>> }
>>
>
> I have realised something like this in my long road to
> success. Unfortunately there is an issue.
>
> LDAP1: uid=username,o=org1
> LDAP2: uid=username,o=org2
>
> As you can see "o=org..." is different.
>
> You can see when radius tries to authenticate on the second
> LDAP (ldap2.ts) it hasn't changed o=org1 to o=org2. This is
> a problem. We cannot modify any scheme of those two LDAP
> servers.

Check base_dn. You say it is different but server debug would disagree.

Ivan Kalik