On 05/07/2014 07:46 PM, CLAdirect - Sergei Kortscheff wrote:
> A hotspot service uses forms authentication to validate users against an
> Active Directory server, using LDAP port 389, so far so good.
>
> The problem begins when we require to authenticate against two active
> directory servers on two separate domains, since the WiFi solution only
> allows to associate one single server to authenticate maybe I could use
> radiator as a proxy to relay all LDAP data to both Active Directory servers.
>
> Can something like this be done?

Maybe something like this would work:

<Handler>
    AuthByPolicy ContinueUntilAccept
    <AuthBy LDAP2>
        # Settings for AD 1
    </AuthBy>
    <AuthBy LDAP2>
        # Settings for AD 2
    </AuthBy>
</Handler>

The above would try AD 1 first and if it does not accept the attempt
(password is wrong, the AD itself is unreachable, anything else), then
AD 2 would be tried.

Note: this works for plain password based authentication (PAP) where no
Access-Challenges are needed.

There are other possible AuthByPolicies too. Please see the reference
manual for the details.

Thanks,
Heikki

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
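
A filled-in version of the two-directory Handler sketched in the reply, added here as an example and not part of the original message or Radiator's own sample configs. Hostnames, DNs, the CA file paths and the bind password are constructed placeholders; the AuthBy LDAP2 parameter names are given as assumptions to check against the reference manual for your Radiator version.

```conf
# Added example: all hosts, DNs, paths and secrets below are constructed.
<Handler>
    # Try each AuthBy in order; stop at the first one that accepts
    AuthByPolicy ContinueUntilAccept

    <AuthBy LDAP2>
        # AD 1 (domain A)
        Host                 dc1.domain-a.example
        Port                 389
        # Upgrade the port 389 session with StartTLS so the PAP password
        # used for the bind is not sent in clear text
        UseTLS
        SSLCAFile            /etc/radiator/certs/domain-a-ca.pem
        # Low-privilege service account used only for the user search
        AuthDN               cn=radiator-svc,cn=Users,dc=domain-a,dc=example
        AuthPassword         REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD
        BaseDN               dc=domain-a,dc=example
        UsernameAttr         sAMAccountName
        # AD does not expose passwords: verify by binding as the user
        ServerChecksPassword
        # Give up quickly so an unreachable AD 1 does not stall AD 2
        Timeout              5
        FailureBackoffTime   60
    </AuthBy>

    <AuthBy LDAP2>
        # AD 2 (domain B), same pattern with its own CA and service account
        Host                 dc1.domain-b.example
        Port                 389
        UseTLS
        SSLCAFile            /etc/radiator/certs/domain-b-ca.pem
        AuthDN               cn=radiator-svc,cn=Users,dc=domain-b,dc=example
        AuthPassword         REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD
        BaseDN               dc=domain-b,dc=example
        UsernameAttr         sAMAccountName
        ServerChecksPassword
        Timeout              5
        FailureBackoffTime   60
    </AuthBy>
</Handler>
```

With ContinueUntilAccept, a password rejected by AD 1 is also presented to AD 2, so one bad login counts as a failed bind in both domains. A username that exists in both domains is accepted by whichever directory accepts the password.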