On Thu, 2 Oct 2003, Andreas Stollar wrote:
> Using freeradius-0.9.1 against openldap-2.1.22. I was able to get this all
> setup fine using passwords, but I have a situation where I would like to
> authenticate all users with LDAP entries, and just pull the attributes out
> of LDAP. Trying to use 'access_attr' to do this. The problem is, I seem to
> be able to connect and authorize to radius and get LDAP attributes
> returned, but it always tries to rebind to LDAP as the userid (But there
> is no password) so that part always failes. Can access_attr be used for
> BOTH authorization and authentication. Here are some relevant configs, and
> debug output. I tried "DEFAULT Auth-Type := Accept" in the users file, and
> still it tries to authenticate by binding to LDAP as the user.
>
> Andreas
>
>
> ldap {
> access_attr = "objectClass"
^^^^^^^^^^^^^
Huh?
> authorize {
> ldap
> }
You need to add the files module in the authorize section
>
> authenticate {
> Auth-Type LDAP {
> ldap
> }
> }
And you don't have anything else than ldap defined in your authentication
section either.
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
