[RADIATOR] ClientListLDAP and mixed configuration.

Johan Wassberg jocar at su.se
Tue Oct 3 06:57:47 UTC 2017


Hi!

From the documentation about ClientListLDAP [0]:

```
[...]
You can have some client details in your Radiator configuration file and
some in <ClientListLDAP> although this can be confusing to future
administrators.
[...]
```

We are trying to clean up our configuration by moving the secrets to
LDAP and it works for most clients just fine. But some parts of the
configuration require "Identifiers" on specific clients, e.g.:

```
<Client r1.example.com>
    Identifier se-root
</Client>
```

So I did as the documentation stated, mixed the configuration by adding
the secret to LDAP and the lines above in the configuration file. And I
think it works but I'm a bit scared by the error messages that now can
be found in the log:

```
Tue Oct  3 08:12:35 2017: ERR: No Secret or TACACSPLUSKey defined
for Client r1.example.com in '/local/radiator/conf/radius.cfg'
```

The following questions come to mind:

1. Is the error message a real error?
2. If I have a secret configured in both LDAP and the config file,
   which secret will be used?

[0] https://www.open.com.au/radiator/ref/ClientListLDAP.html


--
jocar

