Hello,

> On 10 May 2016, at 21:58, John Goubeaux <goube...@education.ucsb.edu> wrote:
> 
> So, the question is CAN I insert another <AuthBy FILE>  method after 
> <AuthBy LDAP2> and will this work as I want IF the user is not in the 
> LDAP Directory, e.g. IF LDAP fails will it drop down to the next 
> <AuthBy> statement ?  OR do I need to add another <AuthBy GROUP>  all 
> together in order for this to work ?
> 

If a user cannot be found in LDAP, AuthBy LDAP2 returns REJECT, 
and if the LDAP connection fails, it will return IGNORE, so you could do it like this:

<AuthBy GROUP>
    AuthByPolicy ContinueUntilReject
    <AuthBy FILE>
        Identifier MAC-Blacklist
        ...
        Blacklist
    </AuthBy>
    <AuthBy FILE>
        Identifier User-Blacklist
        ...
        Blacklist
    </AuthBy>
    <AuthBy GROUP>
        AuthByPolicy ContinueUntilAcceptOrChallenge
        <AuthBy LDAP2>
            Identifier LDAP-Users
            ...
        </AuthBy>
        <AuthBy FILE>
            Identifier Local-Users
            ...
        </AuthBy>
    </AuthBy>
</AuthBy>

Please see the Radiator reference manual (http://www.open.com.au/radiator/ref.pdf), 
section "5.27.1 AuthByPolicy", for the different policies.


BR
-- 
Tuure Vartiainen <varti...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
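
The fall-through behaviour described in the reply above, modelled as an added Python example (not part of the original message and not Radiator code). It assumes that a group returns the result of the last clause it ran, that Blacklist turns a match into REJECT and a miss into ACCEPT, and that AuthBy FILE rejects unknown users; the users, passwords and MAC address are constructed sample data.

```python
# Added model of the nested AuthBy GROUP evaluation; not Radiator source code.
ACCEPT, REJECT, IGNORE, CHALLENGE = "ACCEPT", "REJECT", "IGNORE", "CHALLENGE"

# Per policy: the results that stop the group from trying further clauses.
STOP_ON = {
    "ContinueUntilReject": {REJECT},
    "ContinueUntilAcceptOrChallenge": {ACCEPT, CHALLENGE},
}

def group(policy, *clauses):
    """AuthBy GROUP: run clauses in order until a stop result.
    Assumption: the group's result is that of the last clause it ran."""
    def run(req, trace):
        result = IGNORE
        for clause in clauses:
            result = clause(req, trace)
            if result in STOP_ON[policy]:
                break
        return result
    return run

def blacklist(identifier, key, entries):
    """AuthBy FILE with Blacklist (assumed semantics): listed means REJECT."""
    def run(req, trace):
        result = REJECT if req[key] in entries else ACCEPT
        trace.append((identifier, result))
        return result
    return run

def user_db(identifier, users, available=True):
    """User lookup: REJECT if unknown or wrong password, IGNORE if backend down."""
    def run(req, trace):
        if not available:
            result = IGNORE
        elif users.get(req["user"]) == req["password"]:
            result = ACCEPT
        else:
            result = REJECT
        trace.append((identifier, result))
        return result
    return run

def authenticate(user, password, mac="aa-bb-cc-dd-ee-ff", ldap_up=True):
    # Constructed sample data standing in for the "..." parts of the config.
    policy = group("ContinueUntilReject",
        blacklist("MAC-Blacklist", "mac", {"00-11-22-33-44-55"}),
        blacklist("User-Blacklist", "user", {"mallory"}),
        group("ContinueUntilAcceptOrChallenge",
            user_db("LDAP-Users", {"alice": "ldap-pw"}, available=ldap_up),
            user_db("Local-Users", {"guest": "local-pw"})))
    trace = []
    return policy({"user": user, "password": password, "mac": mac}, trace), trace
```

In this layout a request still reaches Local-Users whenever LDAP-Users returns REJECT or IGNORE, so every account kept in the local file stays usable in both situations.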
