I'm trying to merge two user databases with overlapping usernames. One database is stored in OpenLDAP with FreeRADIUS doing the auth. The other is stored in MS-SQL/Platypus with Radiator. Ideally I would like to run everything through a single FreeRADIUS server which would hit my LDAP server first then fail over to MS-SQL. Right now I can't get the MS-SQL stuff to work properly and I'm hitting a time crunch. The numbers will be ported next week, which means the userbase/modem pool will collide next week. As a short-term measure I would like to configure something like:
authentication {
    ldap {
        fail = 1
    }
    accept-everyone
}
I would then like to work on something like:
ldap {
    fail = 1
}
proxy (to the radiator RADIUS server which hits MS-SQL)
Ultimately I would like:
ldap {
    fail=1
}
mssql {
    fail = 1
}
I need to figure out the correct auth_sql_query stuff to work with Platypus. I already have FreeRADIUS configured to use unixODBC -> FreeTDS -> MS-SQL. I can run queries against the MS-SQL database, I just don't have the correct query.
At this stage in the game I don't have time to figure out the ultimate (read: correct) solution and I just want to hit LDAP and fail over to accept everyone.
On Mar 16, 2005, at 10:35 AM, Joe Maimon wrote:
Perhaps you would put the files section after ldap and have a DEFAULT for allow in the users file?
Matthew Crocker wrote:
I need to configure FreeRADIUS to authenticate/authorize off LDAP (I have this working). And if that fails (incorrect password, user unknown) to send an Accept packet back to the NAS. In other words, I want to allow everyone into the NAS but if they are in LDAP use their specific LDAP information for the connection.
-Matt
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

