[RADIATOR] <AuthBy FILE> syntax

Tuure Vartiainen vartiait at open.com.au
Wed May 11 11:37:17 CDT 2016


Hello,

> On 10 May 2016, at 21:58, John Goubeaux <goubeaux at education.ucsb.edu> wrote:
> 
> So, the question is CAN I insert another <AuthBy FILE> method after 
> <AuthBy LDAP2> and will this work as I want IF the user is not in the 
> LDAP Directory, e.g. IF LDAP fails will it drop down to the next 
> <AuthBy> statement? OR do I need to add another <AuthBy GROUP> 
> altogether in order for this to work?
> 

If a user cannot be found in LDAP, AuthBy LDAP2 returns REJECT, 
and if the LDAP connection fails, it will return IGNORE, so you could do it like this:

<AuthBy GROUP>
    AuthByPolicy ContinueUntilReject
    <AuthBy FILE>
        Identifier MAC-Blacklist
        ...
        Blacklist
    </AuthBy>
    <AuthBy FILE>
        Identifier User-Blacklist
        ...
        Blacklist
    </AuthBy>
    <AuthBy GROUP>
        AuthByPolicy ContinueUntilAcceptOrChallenge
        <AuthBy LDAP2>
            Identifier LDAP-Users
            ...
        </AuthBy>
        <AuthBy FILE>
            Identifier Local-Users
            ...
        </AuthBy>
    </AuthBy>
</AuthBy>

Please see the Radiator reference manual (http://www.open.com.au/radiator/ref.pdf),
section "5.27.1 AuthByPolicy", for the different policies.


BR
-- 
Tuure Vartiainen <vartiait at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
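
The evaluation order described in the reply above, as an added example that is not part of the original post and is not Radiator code: a simplified Python model of the two AuthByPolicy settings. It assumes a group returns the result of the last AuthBy it ran, that Blacklist rejects on a match and accepts otherwise, and that an unknown user is rejected; all user names, passwords and MAC addresses are constructed.

```python
# Simplified model of AuthBy GROUP evaluation (added example, not Radiator code).
ACCEPT, REJECT, IGNORE, CHALLENGE = "ACCEPT", "REJECT", "IGNORE", "CHALLENGE"

# Results that end evaluation for the two policies used in the reply.
STOP_ON = {
    "ContinueUntilReject": {REJECT},
    "ContinueUntilAcceptOrChallenge": {ACCEPT, CHALLENGE},
}

def group(policy, *children):
    """Run children in order, stopping at the first result the policy names.
    Assumption: the group's result is that of the last child that ran."""
    def run(req):
        result = IGNORE
        for child in children:
            result = child(req)
            if result in STOP_ON[policy]:
                break
        return result
    return run

def blacklist(key, entries):
    """AuthBy FILE with Blacklist (assumed): a match rejects, no match accepts."""
    return lambda req: REJECT if req[key] in entries else ACCEPT

def check(users, req):
    """Accept on matching credentials; assumed REJECT for an unknown user."""
    return ACCEPT if users.get(req["user"]) == req["password"] else REJECT

def ldap(users):
    """AuthBy LDAP2 per the reply: IGNORE when the connection fails."""
    return lambda req: check(users, req) if req["ldap_up"] else IGNORE

def local_file(users):
    return lambda req: check(users, req)

# Constructed sample data mirroring the nesting in the reply's configuration.
handler = group("ContinueUntilReject",
    blacklist("mac", {"00-11-22-33-44-55"}),          # MAC-Blacklist
    blacklist("user", {"mallory"}),                    # User-Blacklist
    group("ContinueUntilAcceptOrChallenge",
        ldap({"alice": "ldap-pw"}),                    # LDAP-Users
        local_file({"bob": "local-pw", "alice": "stale-pw"})))  # Local-Users

def authenticate(user, password, mac="AA-BB-CC-DD-EE-FF", ldap_up=True):
    req = {"user": user, "password": password, "mac": mac, "ldap_up": ldap_up}
    return handler(req)
```

In this model an LDAP REJECT for a wrong password also falls through to Local-Users, so a local entry that shares a user name with an LDAP account is still accepted with the local password.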


