Coates Carter <[EMAIL PROTECTED]> wrote:
> The Autz-Type directive doesn't seem to behave the way I would expect,
> based upon what I read in doc/freeradius-1.0.0/Autz-Type .

Autz-Type is applied after the "authorize" section has been processed.

> In raddb/users...
>
> DEFAULT  Ldap-UserDN := `uid=%{User-Name},,dc=richmond,dc=edu`,
>          Auth-Type = ldap, Autz-Type = ldap
>
> If raddb/radiusd.conf has...
...
> authorize {
>     Autz-Type ldap {
>         ldap1
>     }
>     #ldap1
> }

You haven't listed "files", so the "users" file will never be used,
and the Autz-Type will never be set.

> However if I change raddb/radiusd.conf so that...
>
> authorize {
>     #Autz-Type ldap {
>     #    ldap1
>     #}
>     ldap1
> }
>
> ... Then radiusd flows successfully through authorize and authenticate.

Because the "ldap" module sets "Auth-Type := LDAP", if it wasn't
already set.

> Ultimately, I want to prevent rlm_ldap from doing the initial ldap
> search for the user, as described in
> doc/freeradius-1.0.0/rlm_ldap and just move on through to the
> authentication part--- where rlm_ldap binds as the user.

Then don't list "ldap" in the "authorize" section.

Alan DeKok.