Hello Dave -
On Wed, 22 Nov 2000, Dave Kitabjian wrote:
> (See the official definitions from the manual below.)
>
> I find these definitions confusing. For NoDefaultIfFound, it says "Radiator
> will only look for a DEFAULT if there were no entries found in the user
> database for the user". In that case, shouldn't this be called
> DefaultIfNotFound?
>
No. NoDefaultIfFound means that if a user entry is found and fails, then don't
do a DEFAULT lookup. This is the opposite to the standard behaviour, which is
to do a DEFAULT lookup either if the user is not found, or if the user is found
but fails.

> The reason this came up is that our <AuthBy LDAP2> was doing the latter even
> WITHOUT specifying NoDefaultIfFound: any time a username did not exist, it
> looked again for DEFAULT, wasting time (since we don't use a DEFAULT user).

In that case you should use NoDefault.

> Is NoDefaultIfFound supposed to be on by default for LDAP2? Anyway, we
> appear to have gotten around this by specifying NoDefault. But note that
> this explanation is also incomplete; it says that it consults DEFAULT when
> it "finds [a user], but the users check items fail". However, at least for
> LDAP2, it ALSO consults DEFAULT when the user doesn't exist at all.
>
> If I am confused, I'll be glad if someone can clear this up. But hopefully
> this is a clarification that will help someone else out there. Thanks for
> listening!
>
The standard behaviour for Radiator is to look for a specific user in whatever
database, and if the user fails or is not found, then do a DEFAULT lookup
(multiple DEFAULT entries are handled by looking for DEFAULT, DEFAULT1,
DEFAULT2, etc.). There are many situations like yours in which DEFAULT entries
are not used, so to turn off this behaviour entirely, use NoDefault.
However, there are also situations in which cascaded AuthBy clauses are being
used and if a user entry is not found in a particular database, a DEFAULT entry
is used to go on to the next AuthBy. In this case, if a user entry is found and
it fails, the correct behaviour is not to go on to the next AuthBy, hence
NoDefaultIfFound.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
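
The lookup behaviour described in this thread, as an added example that is not part of the original messages and is not Radiator's own code: a small Python model of one AuthBy clause with and without NoDefault and NoDefaultIfFound. The two databases, the user names and passwords, and the `next` hand-off field are constructed for illustration.

```python
import hmac
import itertools

def auth_by(clause, user, password, trace):
    """Model of one AuthBy clause: True = accept, False = reject."""
    def try_entry(name):
        trace.append(f"{clause['id']}:{name}")
        entry = clause["users"].get(name)
        if entry is None:
            return None                      # no such entry in this database
        if "next" in entry:                  # entry hands off to the next AuthBy
            return auth_by(entry["next"], user, password, trace)
        return hmac.compare_digest(entry["password"], password)  # check item

    result = try_entry(user)
    if result:
        return True
    found = result is not None
    if clause.get("NoDefault") or (found and clause.get("NoDefaultIfFound")):
        return False
    # Standard behaviour: DEFAULT, DEFAULT1, DEFAULT2, ... until one is missing.
    for i in itertools.count():
        result = try_entry("DEFAULT" + (str(i) if i else ""))
        if result is None:
            return False
        if result:
            return True

def run(user, password, **primary_opts):
    """Constructed two-database cascade; returns (accepted, lookups performed)."""
    legacy = {"id": "legacy", "NoDefault": True, "users": {
        "alice": {"password": "old-pw"}, "bob": {"password": "bob-pw"}}}
    primary = {"id": "primary", **primary_opts, "users": {
        "alice": {"password": "new-pw"}, "DEFAULT": {"next": legacy}}}
    trace = []
    return auth_by(primary, user, password, trace), trace

if __name__ == "__main__":
    for opts in ({}, {"NoDefaultIfFound": True}, {"NoDefault": True}):
        print(opts, run("alice", "old-pw", **opts), run("bob", "bob-pw", **opts))
```

In this model, alice's stale legacy password is accepted through the DEFAULT hand-off under the standard behaviour and rejected once NoDefaultIfFound is set, while bob, who exists only in the legacy database, is still reached through DEFAULT.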