Matt Ashfield wrote:
> I guess what I meant was that we'd want to authenticate the user in one of
> two ways:
> 
> (1) as a System User. So the clients credentials would be compared against
> the system users, 
> 
> OR, if no such user exists
> 
> (2) verify the client against credentials stored in LDAP.

  See doc/configurable_failover.

  It's easier in the CVS head, because the "unix" module doesn't have an
"authenticate" section any more, as it doesn't need one.  There, you can do:

  group {
        unix {
                updated = return
        }
        ldap
  }

> Both of these scenarios work individually. Meaning I can configure FR to
> authenticate System users. I can also configure FR to authenticate against
> LDAP. But we cannot seem to combine them and offer both options.

  Perhaps you could paste part of your configuration && part of the
debug log.

  Odds are you're forcing system authentication, so that works... OR
you're forcing LDAP, so that works.  But forcing one means that the
other is forbidden.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to