thank you for the quick response. the reason i created the admin account was for use during ldap outages and you are correct that this account does not exist in ldap. what would be a better way to go about accomplishing this. i want the admin account to be only available during times when the ldap module returns 'fail'?
On Mon, Aug 16, 2010 at 4:53 PM, Alan DeKok <[email protected]>wrote: > Aqdas Muneer wrote: > > I have setup a freeradius server version 2.1.7 using ldap for > > authentication. What i'm having trouble understanding is that in my > > users file i have a local user called admin. The default user account > > (for ldap) is listed before the admin account in the users file. since i > > have not configured Fall-Through i would expect the admin account to not > > be accessible if ldap query fails, but it is accessible. is my > > assumption wrong? > > No. But if the DEFAULT doesn't match, it will try the "admin" entry. > > Again... run it in debugging mode to see what's happening. In this > case, you *will* see that (a) the request isn't coming from that > huntgroup, or (b), the user isn't in that LDAP group. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
