I'm trying to merge two user databases with overlapping usernames. One
database is stored in OpenLDAP with FreeRADIUS doing the auth. The
other is stored in MS-SQL/Platypus with Radiator. Ideally I would like
to run everything through a single FreeRADIUS server which would hit my
LDAP server first then fail over to MS-SQL. Right now I can't get the
MS-SQL stuff to work properly and I'm hitting a time crunch. The
numbers will be ported next week which means the userbase/modem pool
will collide next week. As a short-term measure I would like to
configure something like:

    authentication {
        ldap {
            fail = 1
        }
        accept-everyone
    }

I would then like to work on something like:

    ldap {
        fail = 1
    }
    proxy (to the radiator RADIUS server which hits MS-SQL)

Ultimately I would like:

    ldap {
        fail = 1
    }
    mssql {
        fail = 1
    }

I need to figure out the correct auth_sql_query stuff to work with
Platypus. I already have FreeRADIUS configured to use unixODBC -
FreeTDS - MS-SQL. I can run queries against the MS-SQL database, just
don't have the correct query.
At this stage in the game I don't have time to figure out the ultimate
(read correct) solution and I just want to hit LDAP and fail over to
accept everyone.
On Mar 16, 2005, at 10:35 AM, Joe Maimon wrote:
Perhaps you would put the files section after ldap and have a DEFAULT
for allow in the users file?
Matthew Crocker wrote:
I need to configure FreeRADIUS to authenticate/authorize off LDAP (I
have this working). And if that fails (incorrect password, user
unknown) to send an Accept packet back to the NAS. In other words, I
want to allow everyone into the NAS but if they are in LDAP use their
specific LDAP information for the connection.
-Matt
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html