On Mon, Apr 13, 2009 at 4:48 AM, Ivan Kalik wrote:
> > You've mentioned a few times that LDAP is not meant for
> authentication, however the default config that ships with FreeRADIUS has
> LDAP in
> > the authentication section. Could you clear that up a little for me
> please? (or point me to
>
> Don't force Auth-Type Ldap.
>
> But you will have to use two sql instances - one to store reply info and
> one to store backup passwords. You can't store passwords in sql (used for
> reply attributes) and ldap as well.
> authorize {
> ...
> sql_reply
> ldap
> if (notfound | fail) {
> sql_b
> You've mentioned a few times that LDAP is not meant for authentication,
however the default config that ships with FreeRADIUS has LDAP in
> the authentication section. Could you clear that up a little for me
please? (or point me to somewhere it's been cleared up before?)
Don't force Auth-Ty
On Fri, Apr 10, 2009 at 11:51 PM, Alan DeKok wrote:
> Justin Steward wrote:
> > I want to return some radius reply attributes from an SQL database,
> > check the user's password against an openLDAP server
>
> As I said... LDAP isn't an authentication protocol.
>
> > (maybe a Windows
> > Server ru
Justin Steward wrote:
> I want to return some radius reply attributes from an SQL database,
> check the user's password against an openLDAP server
As I said... LDAP isn't an authentication protocol.
> (maybe a Windows
> Server running AD at some point in the future), and if possible fall
> back
On Fri, Apr 10, 2009 at 7:32 PM, Alan DeKok wrote:
> Justin Steward wrote:
> > Thanks for the reply. Since SQL modules can't go in authenticate, this
> > would have to be in authorize, yes? How then, would I get the reply
> > attributes out of the SQL database? Or am I misunderstanding something?
Justin Steward wrote:
> Thanks for the reply. Since SQL modules can't go in authenticate, this
> would have to be in authorize, yes? How then, would I get the reply
> attributes out of the SQL database? Or am I misunderstanding something?
Maybe you could describe exactly what you want to do.
>
On Thu, Apr 9, 2009 at 10:27 PM, Alan DeKok wrote:
>
> $ man unlang
>
>...
>ldap
>if (fail) {
>sql
>}
>...
>
Hi Alan,
Thanks for the reply. Since SQL modules can't go in authenticate, this would
have to be in authorize, yes? How then, woul
Justin Steward wrote:
> My first problem is this: I want to store reply attributes for my users
> in a MySQL database, however I want them to authenticate against an LDAP
> server. No problem, I sort of have this working. Except the reply
> attributes get sent even on an Access-Reject packet. This
> I'm sure these are questions that have been asked a thousand times, but
can't for the life of me find the answers I'm looking for.
> My first problem is this: I want to store reply attributes for my users
in a MySQL database, however I want them to authenticate against an LDAP
server. No probl
Hi guys,
I'm sure these are questions that have been asked a thousand times, but
can't for the life of me find the answers I'm looking for.
My first problem is this: I want to store reply attributes for my users in a
MySQL database, however I want them to authenticate against an LDAP server.
No p
11 matches
Mail list logo