Thanks Alan.
I figured it out. It should be
ldap2 {
    notfound = reject
}
as ldap2 is returning notfound status.
Thanks so much again.
--- Alan DeKok [EMAIL PROTECTED] wrote:
Eric Martell [EMAIL PROTECTED] wrote:
Thanks so much Neal. You got it 95% right. The problem
is FreeRadius
Hi...
I need to do multiple ldap lookups (2). The
purpose of both the ldaps are different so it does not
abide with configurable_failover scenario in a way.
ldap1.
This ldap is solely used for authentication for
given user.
ldap2.
This ldap is solely used for checking ldap attribute
If(authentication in ldap1 success) {
Use ldap1 in the authenticate stage of radiusd.conf
if(productCode attribute exists in ldap2 success) {
Use ldap2 in the authorize stage of radiusd.conf
Authorize is performed first in FreeRadius (you show authenticate
first), but it shouldn't
Thanks so much Neal. You got it 95% right. The problem
is FreeRadius always authorizes first (no matter what
the order in radiusd.conf) and then authenticates.
authorize {
    .
    .
    .
    ldap2
}
authenticate {
    .
    .
    .
    ldap1
}
So if the user fails in
Eric Martell [EMAIL PROTECTED] wrote:
Thanks so much Neal. You got it 95% right. The problem
is FreeRadius always authorizes first (no matter what
the order in radiusd.conf) and then authenticates.
Yes, that's how the server works.
(This authorize should break the sequence and
return