Alan,
> Do authorization && authentication through the ldap module. Then if
> the user isn't found in ldap, you can do a configurable fail-over to
> the 'files'. module.
Thanks - this seems to work for me, there is only one problem left:
authenticate {
ldap
}
authorize {
group {
ldap {
notfound = return
ok = 1
}
files
notfound = 1
ok = return
}
files-default
}
Now, if the user isn't found in ldap, the module "files-default"
is considered, which points to a users file with the "standard
accept reply".
But if the user exists in ldap and the password was wrong, the
request ist still rejected (ldap authorization returns ok, the
module files is taken into account, ldap authentication returns
reject). Is it possible to change this behauviour in such a way
that in this case, the default accept reply is returned too?
Roland
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
