Hi!

>From the documentation about ClientListLDAP [0]:

```
[...]
You can have some client details in your Radiator configuration file and
some in <ClientListLDAP> although this can be confusing to future
administrators.
[...]
```

We are trying to clean up our configuration by moving the secrets to
LDAP and it works for most clients just fine. But the some parts of the
configurations requires "Identifiers" on specific clients, e.g:

```
<Client r1.example.com>
    Identifier se-root
</Client>
```

So I did as the documention stated, mixed the configuration by adding
the secret to LDAP and the lines above in the configuration file. And I
think is works but I'm a bit scared by the error messages that now can
be found in the log:

```
Tue Oct  3 08:12:35 2017: ERR: No Secret or TACACSPLUSKey defined
for Client r1.example.com in '/local/radiator/conf/radius.cfg'
```

The following questions comes to mind:

1. Is the error message a real error?
2. If I have a secret configured in both LDAP and the config file,
   which secret will be used?

[0] https://www.open.com.au/radiator/ref/ClientListLDAP.html


--
jocar
_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

Reply via email to