Re: ldap { fail=1}

permalink · #1 (**permalink**) 01-11-2007

--===============1951718473==
Content-Type: multipart/alternative;
boundary="----=_Part_15748_16001538.1168507065083"

------=_Part_15748_16001538.1168507065083
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

> Message du 10/01/07 =C3=A0 15h38
> De : "Alan DeKok"=20
> A : jerrrry@voila.fr, "FreeRadius users mailing list"=20
> Copie =C3=A0 :=20
> Objet : Re: ldap { fail=3D1}
>=20
> jerrrry@voila.fr wrote:
> >=20
> > i'm using freeradius 1.0.1 from Red Hat entreprise 4.
>=20
> You SHOULD upgrade:
>=20
> http://freeradius.org/security.html
>=20
> > I want the radius server to authenticate users thanks to the "users"
> > file even if the ldap directory is not reachable and the radius server
> > to start even if the DB is not reachable
>=20
> That's probably the way the server should work. Those issues probably
> weren't though of when the server was written, as the SQL module works
> the same way.
>=20
> > I tried with ldap { fail =3D1} in the authorize section and sql { fail
> > =3D 1 } in the instantiate section without any success.
> >=20
> > "fail" doen't seem to be know.
>=20
> No, it doesn't work in the "instantiate" section. It could, though.
> It's a good idea, and one I hadn't thought of.
so there is no solution to backup my nas client list thanks to freeradius w=
ith somethng like=20
instantiate{
redundant {=20
sql1
sql2
}
}
Thomas

>=20
> An alternative would be to update the LDAP module to NOT bind at
> startup, and do it only when a request came in. That would help, too.
>=20
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>=20
>
------=_Part_15748_16001538.1168507065083
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

 
<BLOCKQUOTE style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #ff0=
000 2px solid">
> Message du 10/01/07 =C3=A0 15h38 > De : "Alan DeKok" <ALAND@D=
EPLOYINGRADIUS.COM> > A : jerrrry@voila.fr, "FreeRadius users mailing=
list" <FREERADIUS-USERS@LISTS.FREERADIUS.ORG> > Copie =C3=A0 : &=
gt; Objet : Re: ldap { fail=3D1} > > jerrrry@voila.fr wrote:<B=
R>> > > > i'm using freeradius 1.0.1 from Red Hat entrepris=
e 4. > > You SHOULD upgrade: > > http://freeradiu=
s.org/security.html > > > I want the radius server to authe=
nticate users thanks to the "users" > > file even if the ldap dire=
ctory is not reachable and the radius server > > to start even if =
the DB is not reachable > > That's probably the way the server=
should work. Those issues probably > weren't though of when the serv=
er was written, as the SQL module works > the same way. > &=
gt; > I tried with ldap { fail =3D1} in the authorize section and sql { =
fail > > =3D 1 } in the instantiate section without any success.<B=
R>> > > > "fail" doen't seem to be know. > > N=
o, it doesn't work in the "instantiate" section. It could, though. > =
It's a good idea, and one I hadn't thought of.
so there is no solution to backup my nas client list thanks to free=
radius with somethng like 
instantiate{
redundant { 
sql1
sql2
}
}
Thomas
 > > An alternative would be to update the LDAP module to N=
OT bind at > startup, and do it only when a request came in. That wou=
ld help, too. > > Alan DeKok. > -- > http://deploy=
ingradius.com - The web site of the book > http://deployingradius.com=
/blog/ - The blog > > </BLOCKQUOTE>
------=_Part_15748_16001538.1168507065083--

--===============1951718473==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--===============1951718473==--

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode