freeradius-1.0.0
Red Hat Enterprise Linux AS release 3 (Taroon Update 2)
openssl-0.9.7a-33.4.i686.rpm
openldap-2.2.13 (on localhost)

In raddb/users...
DEFAULT Ldap-UserDN := `uid=%{User-Name},,dc=richmond,dc=edu`, Auth-Type = ldap, Autz-Type = ldap
If raddb/radiusd.conf has...
authenticate {
    Auth-Type ldap {
        ldap1
    }
}
authorize {
    Autz-Type ldap {
        ldap1
    }
    #ldap1
}
...Then radiusd produces...
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
However, if I change raddb/radiusd.conf so that...
authorize {
    #Autz-Type ldap {
    # ldap1
    #}
    ldap1
}
...Then radiusd flows successfully through authorize and authenticate. My ultimate goal is a little more complex than this example -- I've just reduced the problem to the simplest form I can think of in order to find the problem.
Ultimately, I want to prevent rlm_ldap from doing the initial ldap search for the user, as described in doc/freeradius-1.0.0/rlm_ldap, and just move on through to the authentication part -- where rlm_ldap binds as the user. When authenticate calls rlm_ldap, the initial search is always done, even if the UserDN has already been defined in users. Seems to me, the only way to bypass this initial bind-and-search would be to have an Autz-Type which calls rlm_always ok, and then an Auth-Type that calls rlm_ldap. Right? But I can't seem to get Autz-Type to work even in this simplified example above.
Thanks for any suggestions.
Coates Carter
University of Richmond

