richard lucassen <[EMAIL PROTECTED]> wrote:
> I want to use 1 front-end FR for a set of both LDAP and RADIUS servers
> for authentication and use realms to distinguish between the
> auth-servers:
Ok...
> The radius to radius proxy with realms works fine, no problem. The
> radius to LDAP part works fine as well, very nice piece of work! But
> I'd like to use realms to check whether a user should authenticate
> against LDAP1, LDAP2 or LDAP3:
>
> [EMAIL PROTECTED] --> LDAP1
> [EMAIL PROTECTED] --> LDAP2
> [EMAIL PROTECTED] --> LDAP3
So use the "users" file:
DEFAULT Realm == "xxx", Auth-Type := ldap1
etc.
> So I was wondering if I could connect to different LDAP servers
> using TLS and to different groups/ou's using realms.
Yes. You don't need an external script.
> > What's wrong with using the "realm" module, which comes configured
> > to do realms?
>
> Because in proxy.conf I see a "type" entry which is always set to
> "radius", but I can't find which types are allowed here. You mean that a
> "type = ldap" is possible here?
I did not say that.
> I tried the following now, I put "exec" in the instantiate part of
> radiusd.conf like the doc says. Then, in the ldap module section I
> replaced the line "basedn" with the exec of the script (which outputs
> the right output on stdout, something like "ou=test,dc=example,dc=com")
>
> ldap ldap_test {
> server = "localhost"
> basedn = `{%exec:/usr/local/scripts/realmgrep}`
That's not the correct syntax. See "doc/variables.txt"
> WARNING: Unknown variable '%e': See 'doc/variables.txt'
> radius_xlat: '{%exec:/usr/local/scripts/realmgrep}'
Exactly.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
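
The "users" file approach from the reply above, wired end to end with one named ldap instance per realm. This is an added example, not part of the original thread or of FreeRADIUS's shipped configuration. It assumes a FreeRADIUS 1.x-style layout; the realm names, host names, base DNs and CA path are constructed placeholders.

```conf
# --- proxy.conf: declare each realm as LOCAL so it is handled on this
# --- server instead of being proxied (realm names are placeholders)
realm realm1.example {
    type     = radius
    authhost = LOCAL
    accthost = LOCAL
}
realm realm2.example {
    type     = radius
    authhost = LOCAL
    accthost = LOCAL
}

# --- radiusd.conf: additions to the existing sections
modules {
    # One named instance per directory, each with its own server and basedn
    ldap ldap1 {
        server           = "ldap1.example.com"
        basedn           = "ou=staff,dc=example,dc=com"
        filter           = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls        = yes
        tls_cacertfile   = /etc/ssl/certs/example-ca.pem
        tls_require_cert = "demand"   # refuse servers whose cert does not verify
    }
    ldap ldap2 {
        server           = "ldap2.example.com"
        basedn           = "ou=partners,dc=example,dc=com"
        filter           = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls        = yes
        tls_cacertfile   = /etc/ssl/certs/example-ca.pem
        tls_require_cert = "demand"
    }
}
authorize {
    suffix    # realm module: sets Realm from user@realm
    files     # "users" file: maps Realm to Auth-Type
}
authenticate {
    Auth-Type ldap1 {
        ldap1
    }
    Auth-Type ldap2 {
        ldap2
    }
}

# --- users: pick the ldap instance by realm
DEFAULT Realm == "realm1.example", Auth-Type := ldap1
DEFAULT Realm == "realm2.example", Auth-Type := ldap2
```

Running the server in debug mode (`radiusd -X`) shows which Realm was matched and which ldap instance performed the bind for each request.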