Hi,

We have been using Radiator (2.16.1) for a short time now. For user authentication we are
making use of an LDAP server. For backup reasons we have a secondary (backup)
LDAP server. I've implemented this in Radiator as described below.

Now I am experiencing the following problem :

When a user does not exist in the LDAP DB or a wrong password has been sent, then
Radiator tries the secondary LDAP server (as I told him to do so [AuthByPolicy ContinueUntilAccept] :-)
And of course, this doesn't give an 'access accept' either.

But I'd like the secondary LDAP server only to be contacted if the primary LDAP
server doesn't give any response at all.

My question is as follows :

Am I making a mistake in the implementation, and if so, what is the right one :-)
or is it not possible to do it 'my way'.

T.i.a

Erwin Wortel
Academic Medical Center
Amsterdam, The Netherlands

8<-------- stuff deleted --------------------------------------------------

# radius.cfg

<AuthBy LDAP>
                Identifier LDAPquery1
                # Tell Radiator how to talk to the primary LDAP server
                Host            ldap1.amc.uva.nl
                BaseDN          o=AMC
                HoldServerConnection
                UsernameAttr    uid
                PasswordAttr    userpassword
</AuthBy>

<AuthBy LDAP>
                Identifier LDAPquery2
                # Tell Radiator how to talk to the secondary LDAP server
                Host            ldap2.amc.uva.nl
                BaseDN          o=AMC
                HoldServerConnection
                UsernameAttr    uid
                PasswordAttr    userpassword
</AuthBy>

<Realm DEFAULT>
        RewriteUsername tr/A-Z/a-z/
        RewriteUsername s/^([^@]+).*/$1/
        AuthByPolicy ContinueUntilAccept
        <AuthBy FILE>
                Filename %D/file1
                AddToReply Framed-Protocol = PPP,\
                Framed-IP-Netmask = 255.255.255.255,\
                Idle-Timeout = 900,\
                Framed-Compression = Van-Jacobson-TCP-IP
        </AuthBy>
        <AuthBy FILE>
                Filename %D/file2
                AddToReply Framed-Protocol = PPP,\
                Framed-IP-Netmask = 255.255.255.255,\
                Idle-Timeout = 900,\
                Framed-Compression = Van-Jacobson-TCP-IP
        </AuthBy>
        AcctLogFileName         %L/accounting.log
        MaxSessions             1
</Realm>

8<-------- stuff deleted --------------------------------------------------

--
Erwin Wortel, Academic Medical Center - Amsterdam
E-Mail: [EMAIL PROTECTED], Telefoon +31 20 56 66788
$*%@*!&(%72HaLLo#%@*&^$Doeei)#_+~toeteLeToet_%^@#$9+

Why is the word abbreviation so long?
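
The behaviour described in the message above, modelled as an added example (not part of the original post and not Radiator's own code): a chain of two handlers evaluated under ContinueUntilAccept and under ContinueWhileIgnore, a Radiator AuthByPolicy value the post does not mention. It assumes an unreachable LDAP server yields IGNORE rather than REJECT and, for brevity, chains the two LDAP clauses directly; the handler functions and the sample user are constructed.

```python
# Added illustration: a small model of how an AuthByPolicy walks a chain of
# AuthBy clauses. This is not Radiator source code.
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Policy name -> predicate that says whether to stop after a given result.
POLICIES = {
    "ContinueUntilAccept": lambda r: r == ACCEPT,   # stop only on ACCEPT
    "ContinueWhileIgnore": lambda r: r != IGNORE,   # stop on ACCEPT or REJECT
}

def make_ldap(name, users, reachable=True):
    """Constructed stand-in for an <AuthBy LDAP> clause.
    Assumption: a server that gives no response yields IGNORE, not REJECT."""
    def handler(user, password):
        if not reachable:
            return IGNORE
        return ACCEPT if users.get(user) == password else REJECT
    handler.name = name
    return handler

def authenticate(policy, chain, user, password):
    """Return (final_result, names of the AuthBy clauses contacted)."""
    stop = POLICIES[policy]
    contacted, result = [], IGNORE
    for handler in chain:
        result = handler(user, password)
        contacted.append(handler.name)
        if stop(result):
            break
    return result, contacted

USERS = {"erwin": "s3cret"}  # constructed sample directory entry

def demo():
    up = [make_ldap("LDAPquery1", USERS), make_ldap("LDAPquery2", USERS)]
    down = [make_ldap("LDAPquery1", USERS, reachable=False),
            make_ldap("LDAPquery2", USERS)]
    return {
        # Wrong password: the secondary is queried as well (the reported problem).
        "until_accept_bad_pw": authenticate("ContinueUntilAccept", up, "erwin", "wrong"),
        # Wrong password: the primary's REJECT is final, the secondary is left alone.
        "while_ignore_bad_pw": authenticate("ContinueWhileIgnore", up, "erwin", "wrong"),
        # Primary silent: only now does the secondary get the request.
        "while_ignore_primary_down": authenticate("ContinueWhileIgnore", down, "erwin", "s3cret"),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Under the first policy every failed password is also presented to the backup directory, so rejected logins show up in both servers' logs.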
 
