Basavaraj Bendigeri <[EMAIL PROTECTED]> wrote: > My users file contains the directives : > > DEFAULT Auth-Type := LDAP > Fall-Through = 1 > > DEFAULT Auth-Type := System > Fall-Through = 1
Why? You're setting the Auth-Type to LDAP, and then immediatley throwing that away, and setting it to System. That makes no sense. > However , I commented all the entries in the users file and tested the > radius server with a different username ,using the following command > > radtest guest hello123 localhost 10 testing123 > > and it works fine too !!! > > NOTE : The user guest has a DN entry in the ldap directory . Yes, your debug log shows: > modcall: group authorize returns ok > rad_check_password: Found Auth-Type LDAP So something is setting Auth-Type to LDAP. That's why the user is being authenticated against the LDAP directory. > The module "files" returns not found since there is no entry in the > users file still the authorization is done with ldap . I was under > the impression that if a user-name is not present in the users file > then the user should be denied access OR am I doing something wrong > here . The 'users' file is just one authorization method out of many. You allowed LDAP to be used, so when you disallowed the users file, LDAP was still permitted, and therefore it was used. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
