> On Thu, 26 Nov 2009 18:21:29 -0000 (UTC) > t...@kalik.net wrote: > >> > As i doesn't have any other auth rather LDAP it is done >> > automatically. I hope so. ;-) >> >> Enable files (and comment out ldap entries) and put: >> >> DEFAULT Auth-Type := tam >> >> at the top of the users file. That's much cheaper way. > > Hm... I think i don't understand you. What to disable in > what section? authorize or authentificate?
Remove tam and lotus from authorize section of default virtual server - you are not authorizing anything just doing authentication. Instead just put that line at the top of the users file and enable files in authorize. >> Check base_dn. You say it is different but server debug >> would disagree. >> > > But they are. > > ldap tam { > server = "skoll-vm1.kmz.ts" > basedn = "o=tamknown" > filter = "(uid=%{User-Name})" > authtype = tam > start_tls = no > dictionary_mapping = > ${raddbdir}/ldap.attrmap > ldap_connections_number = 5 > timeout = 4 > timelimit = 3 > net_timeout = 1 > compare_check_items = no > do_xlat = no > access_attr_used_for_allow = no > set_auth_type = yes > } > ldap lotus { > server = "ldap.kmz.ts" > basedn = "o=tsas" > filter = "(uid=%{User-Name})" > authtype = lotus > start_tls = no > dictionary_mapping = > ${raddbdir}/ldap.attrmap > ldap_connections_number = 5 > timeout = 4 > timelimit = 3 > net_timeout = 1 > compare_check_items = no > do_xlat = no > access_attr_used_for_allow = no > set_auth_type = yes > } Post the debug of server startup (part before requests can be processed. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html