Hi Folks, Radiator 4.12.1
I'm attempting to add another <AuthBy FILE> statement in the below <AuthBy GROUP> block that will ACCEPT a user/pass combo IF they are in the FILE, preferably after first checking the <AuthBy LDAP2> method.

I need to keep the first two <AuthBy FILE> methods, as they are Blacklist files AND it appears that I need to use AuthByPolicy ContinueWhileAccept as my GROUP policy for this to work.

So, the question is CAN I insert another <AuthBy FILE> method after <AuthBy LDAP2> and will this work as I want IF the user is not in the LDAP Directory, e.g. IF LDAP fails will it drop down to the next <AuthBy> statement? OR do I need to add another <AuthBy GROUP> altogether in order for this to work?

Thanks for any assistance!

-john

<AuthBy GROUP>
    AuthByPolicy ContinueWhileAccept

    # Make sure MAC address is not blacklisted..
    <AuthBy FILE>
        NoEAP
        # Calling-Station-Id attribute is the user's MAC in this case.
        AuthenticateAttribute Calling-Station-Id
        AcceptIfMissing
        Filename /etc/radiator/MacAddrBlacklist.txt
    </AuthBy>

    # Make sure USERNAME is not blacklisted..
    <AuthBy FILE>
        NoEAP
        AcceptIfMissing
        Filename /etc/radiator/UsernameBlacklist.txt
    </AuthBy>

    <AuthBy LDAP2>
        ###
        #Directory server info
        Host directory.ucsb.edu
        Port 636
        BaseDN o=ucsb
        #This specifies the attribute that must be present
        #to allow authentication. Everyone has a uid....
        UsernameAttr uid
        ServerChecksPassword
        # This IS used for TLS or SSL between RADIATOR and LDAP....
        UseSSL
        SSLCAFile /etc/radiator/certs/demoCA/cacert.pem
        SSLVerify none
        #HoldServerConnection
        Timeout 2
        FailureBackoffTime 30
        Version 3
    </AuthBy>
</AuthBy>

--
John Goubeaux
Systems Administrator
Gevirtz Graduate School of Education
UC Santa Barbara
Education 4203C
805 893-8190