Tim Tyler wrote:
> Freeradius experts,
>     I want to use one freeradius server to authenticate against a 
> system file for students and against ldap for faculty/staff.  I can 
> get the system file to work alone.  I can get the ldap module to work 
> alone.  But I can't seem to find a way to get both of them to work 
> together.  If I set DEFAULT Auth-Type = System in the users file, it 
> authenticates the system files.  If I set it to ldap, it 
> authenticates to ldap.

  Which is why we recommend not using Auth-Type.  Almost everyone uses
it wrong.

>  If I put both in the users file, it 
> authenticates ldap users only.

  See "man rlm_users" for why.  It's doing what you tell it to do, not
what you expect it to do.

>  How do I allow both unix and ldap 
> modules to authenticate their respective users?   Note: users are 
> unique to each module.  A user in unix does not exist in ldap and vice versa.

  Don't authenticate people via LDAP.  LDAP isn't an authentication
server.  It's a database.

  Instead, pull the password from LDAP, and let the server decide how
the user should be authenticated.

  You could also set Auth-Type *conditionally*, if the user was in one
group or another.

  Alan DeKok.
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to