So, how can I configure radius to authenticate off ldap2 once ldap1 rejects the user because of a bad password?

I want radius to:

Lookup in ldap1: if rejected because of a bad password, then do lookup in ldap2.

Basically I want radius to go through a sequence of lookups: if ldap1 fails (ldap rejects the user password), then go to ldap2 for lookup.

--- Terry J Fike Jr <[EMAIL PROTECTED]> wrote:

> Message: 6
> Date: Fri, 16 Jun 2006 09:44:29 -0700 (PDT)
> From: fvt3 <[EMAIL PROTECTED]>
> Subject: Re: Two Ldaps Authentication
> To: FreeRadius users mailing list
>
> Alan,
>
> This is what I have in my radius.conf
>
> Autz-Type LDAP1{
>     ldap_ldap1{
>         invalid=return
>     }
>     ldap_ldap2
> }
>
> Auth-Type LDAP1 {
>     redundant{
>         ldap_ldap1{
>         }
>
>         ldap_ldap2
>
>     }
>
> users file
>
> DEFAULT Auth-Type = LDAP1
>     Fall-Through = No,
>     Reply-Message = "ldap login"
>
> I'm forcing radius to look up the user in ldap1 (ldap) and
> ldap2 (Active Directory). The same user name can
> reside on both db backends. With this setup, radius
> only works if the user name does not exist on both
> db.
> If user John is on both db, it would only
> authenticate off LDAP1 and not in LDAP2.
>
> Here is my log
>
> <snip>
>
> correct...this is the way you have it configured.
> as long as ONE ldap server answers the request
> (whether it be an
> authentication allowed or rejected) it still
> answered. so it won't fail
> over to the next ldap server...
>
> --- Alan DeKok
>
> --
> Terry J Fike Jr
> System Administrator
> MTA Solutions
> 907-793-4100
> [EMAIL PROTECTED]
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
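The behaviour described in the quoted reply, as an added example that is not part of the original thread or FreeRADIUS code: a simplified Python model of how a `redundant` block treats module return codes, and of what a per-module `reject = 1` override changes. The function names and the sample results for user John are constructed; the action table is an assumption based on FreeRADIUS's documented configurable-failover rules.

```python
# Simplified model (assumption) of FreeRADIUS return-code handling inside a
# block. Each return code maps to an action: "return" stops the block at
# once, a number is a priority and lets the next module run.
RETURN = "return"

# Inside redundant{}, only "fail" (server down / no answer) continues.
# Every other code, including "reject", returns immediately.
REDUNDANT_DEFAULTS = {"fail": 1}

def run_block(modules, defaults, overrides=None):
    """modules: list of (module_name, rcode the module would return).
    overrides: {module_name: {rcode: action}}, like 'ldap_ldap1 { reject = 1 }'.
    Returns (final_rcode, list_of_modules_actually_tried)."""
    overrides = overrides or {}
    best_rcode, best_prio, tried = None, 0, []
    for name, rcode in modules:
        tried.append(name)
        actions = {**defaults, **overrides.get(name, {})}
        action = actions.get(rcode, RETURN)
        if action == RETURN:
            return rcode, tried          # block ends here
        if action >= best_prio:          # modelling choice for equal priority
            best_rcode, best_prio = rcode, action
    return best_rcode, tried

# Constructed sample: John exists in both directories; the password given
# is wrong for ldap1 but right for ldap2 (Active Directory).
SHARED_USER = [("ldap_ldap1", "reject"), ("ldap_ldap2", "ok")]
LDAP1_DOWN = [("ldap_ldap1", "fail"), ("ldap_ldap2", "ok")]

def as_posted():
    # ldap1 answered (with a reject), so ldap2 is never consulted.
    return run_block(SHARED_USER, REDUNDANT_DEFAULTS)

def ldap1_unreachable():
    # Only a real failure makes redundant{} move on.
    return run_block(LDAP1_DOWN, REDUNDANT_DEFAULTS)

def with_reject_override():
    # Models 'ldap_ldap1 { reject = 1 }': a reject no longer ends the block.
    return run_block(SHARED_USER, REDUNDANT_DEFAULTS,
                     {"ldap_ldap1": {"reject": 1}})

if __name__ == "__main__":
    for fn in (as_posted, ldap1_unreachable, with_reject_override):
        print(fn.__name__, fn())
```

With the override, a shared user name is accepted with either directory's password, so account lockout and password policy have to be considered for both back ends.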

