On Wed, Nov 21, 2018 at 3:52 AM Mike Jumper <[email protected]> wrote:
> On Tue, Nov 20, 2018 at 10:46 AM Nick Couchman <[email protected]> > wrote: > > > Hey, everyone, > > Ran back into an issue with the RADIUS module that I thought was > resolved a > > while back, but seems to have re-appeared. In my current testing, I'm > > using both RADIUS and JDBC PostgreSQL for authentication. Guacamole > loads > > and evaluates authentication against each of the extensions in > alphabetical > > order. If I have the RADIUS module installed such that it loads and > > evaluates *after* the JDBC module, authentication fails for the RADIUS > > users. If I have the RADIUS module installed such that it loads and > > evaluates *before* the JDBC module (put a 0 in front of radius - e.g. > > guacamole-auth-0radius-1.0.0.jar), it works correctly. > > > > > What is the expected behavior for the case that RADIUS is queried last? > > That authentication of that user moves through each of the modules. So, if the JDBC module fails, either because the user is not present in JDBC or is present but password does not match, authentication moves on to the RADIUS module and is checked against that module. I believe this works correctly between, for example, LDAP -> JDBC (although I've never tried putting LDAP authentication *after* JDBC), so I'm not sure why it isn't working for JDBC -> RADIUS. -Nick
