Basavaraj Bendigeri [EMAIL PROTECTED] wrote:
My users file contains the directives :
DEFAULT Auth-Type := LDAP
Fall-Through = 1
DEFAULT Auth-Type := System
Fall-Through = 1
Why? You're setting the Auth-Type to LDAP, and then immediatley
throwing that away, and setting it to System. That makes no sense.
However , I commented all the entries in the users file and tested the
radius server with a different username ,using the following command
radtest guest hello123 localhost 10 testing123
and it works fine too !!!
NOTE : The user guest has a DN entry in the ldap directory .
Yes, your debug log shows:
modcall: group authorize returns ok
rad_check_password: Found Auth-Type LDAP
So something is setting Auth-Type to LDAP. That's why the user is
being authenticated against the LDAP directory.
The module files returns not found since there is no entry in the
users file still the authorization is done with ldap . I was under
the impression that if a user-name is not present in the users file
then the user should be denied access OR am I doing something wrong
here .
The 'users' file is just one authorization method out of many. You
allowed LDAP to be used, so when you disallowed the users file, LDAP
was still permitted, and therefore it was used.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html