Hi All,

I am using freeradius with an LDAP backend for authorization
and authentication. At the early stages of the authorisation process, we
have multiple DEFAULT configuration lines in the ‘users’ file which
match (and auth accept) based on suffix matching on the realm of the username.
The reason for this is to send back a bunch of L2TP attributes without having
to authenticate the individual users.

The problem I have is that after the ‘users’
file is processed, the LDAP processing also happens, which has a number of
issues:

1) Unnecessary lookup to the LDAP, as we don’t need to authenticate the end-users.

2) Because we strip the username before sending it to LDAP, if the username exists in the
LDAP (although it is a user with different realms), the attributes stored in the
LDAP are added to the initial reply-attributes set in the ‘users’
file, causing the reply to fail.

Does anyone know what can be done to prevent the LDAP lookup
once a match occurs in the ‘users’ file?

Regards,

