Mike Sturdee <[EMAIL PROTECTED]> wrote:
> users that dial into a number ending in 195 get the correct Auth-Type &
> Autz-Type, as do other calls that need to auth off of LDAP1. Problem is,
> when I have the LDAP2 instances in authorize {} authenticate {}, users
> authing off of LDAP1 do not get the correct group attributes per the group
> lookup in module instance ldap1. when radiusd is in debug mode, it shows
> the LDAP1 users going through both the ldap1 and ldap2 module instances..Yes. The "authorize" section processes the modules from top to bottom, even if set Autz-Type previously. The issue is that the "authorize" section *started* by processing modules from top to bottom, and the Autz-Type was added later. So it may not entirely do the right thing at times... I'm open to suggestions for what to do with the "authorize" section and Autz-Type. I don't want to break older configurations, so that's a bit of a constraint. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
