users that dial into a number ending in 195 get the correct Auth-Type &
Autz-Type, as do other calls that need to auth off of LDAP1. Problem is,
when I have the LDAP2 instances in authorize {} authenticate {}, users
authing off of LDAP1 do not get the correct group attributes per the group
lookup in module instance ldap1. When radiusd is in debug mode, it shows
the LDAP1 users going through both the ldap1 and ldap2 module instances.
Am I right in thinking it should only go through one or the other when
Auth-Type is set as such?
-Mike
# radiusd.conf
---------------------------------------------
modules {
    ldap ldap1 {
        ...............
    }
    ldap ldap2 {
        ...............
    }
}
authorize {
    Autz-Type LDAP1 {
        ldap1
    }
    Autz-Type LDAP2 {
        ldap2
    }
}
authenticate {
    Auth-Type LDAP1 {
        ldap1
    }
    Auth-Type LDAP2 {
        ldap2
    }
}
---------------------------------------------
# users
---------------------------------------------
DEFAULT Called-Station-Id =~ "195$", Auth-Type := LDAP2, Autz-Type := LDAP2
    ............etc
DEFAULT Auth-Type := LDAP1, Autz-Type := LDAP1
    Fall-Through = Yes
DEFAULT Auth-Type := LDAP1, Autz-Type := LDAP1, Ldap-Group == "dial1"
    .......etc
DEFAULT Auth-Type := LDAP1, Autz-Type := LDAP1, Ldap-Group == "dial2"
    ........etc