error in configurable failover?

Dusty Doris freeradius at mail.doris.cc
Thu Dec 1 00:33:18 CET 2005


> Norbert Wegener <nw at sbs.de> wrote:
>> authenticate {
>> #ldap1
>> group {
>>         ldap1 {
>
>  You can't use anonymous groups in the "authenticate" section.  You
> have to explicitely use "Auth-Type", and give it a name.  This is
> because only ONE auth-type is run from that section.  So if you had an
> anonymous group, it would never get run, because you could never
> reference it by name.
>
>  Alan DeKok.

Say you had two ldap instances.

authorize {
 	redundant {
 		ldap1
 		ldap2
 	}
}

authenticate {
 	ldap1
 	ldap2
}


Say you had 4 ldap instances.  Two for dial users and two for isdn users. 
They point to the same servers, but with different configurations.

authorize {
 	Autz-Type dial {
 		redundant {
 			ldap_dial1
 			ldap_dial2
 		}
 	}
 	Autz-Type isdn {
 		redundant {
 			ldap_isdn1
 			ldap_isdn2
 		}
 	}
}

authenticate {
 	Auth-Type dial {
 		ldap_dial1
 		ldap_dial2
 	}
 	Auth-Type adsl {
 		ldap_isdn1
 		ldap_isdn2
 	}
}

In that case, you would need to declare these somewhere, such as the users 
file.

DEFAULT	NAS-Port-Type == Async, Autz-Type := dial, Auth-Type := dial

DEFAULT NAS-Port-Type == ISDN, Autz-Type := isdn, Auth-Type := isdn







More information about the Freeradius-Users mailing list