FreeRADIUS v1.0.4, rlm_ldap module, and redundancy

Zawacki Jason D Ctr AFRL/IFOS Jason.Zawacki.ctr at rl.af.mil
Wed Jul 13 20:21:15 CEST 2005


> -----Original Message-----
> From: freeradius-users-bounces at lists.freeradius.org 
> [mailto:freeradius-users-bounces at lists.freeradius.org] On 
> Behalf Of Alan DeKok
> Sent: Wednesday, July 13, 2005 2:20 PM
> To: FreeRadius users mailing list
> Subject: Re: FreeRADIUS v1.0.4, rlm_ldap module, and redundancy 
> 
> Zawacki Jason D Ctr AFRL/IFOS <Jason.Zawacki.ctr at rl.af.mil> wrote:
> > I've been trying to get this to work, but it appears, to me, that the
> > redundancy is only used for part of the auth process.
> 
>   What "auth" process?  Authorize or authenticate?
> 
> >   When looking up the
> > DN for the user who is trying to authenticate, redundancy works. 
> 
>   During the "authorize" stage.
> 
> >  After that
> > though, it appears that only the first module in the redundant list is
> > tried. 
> 
>   Which redundant list?  You listed two.
> 
> > authenticate {	
> >     Auth-Type LDAP {
> >         redundant {		# wasn't sure if this was necessary
> >             svr1
> 
>   If you want redundancy for authentication, you can list that.
> 
> > I test by simulating a failure of svr1 using:
> 
>   Ok.  The debug log shows:
> 
> >   modcall[authorize]: module "svr1" returns fail for request 0
> ...
> >   modcall[authorize]: module "svr3" returns fail for request 0
> ...
> >   modcall[authorize]: module "svr2" returns ok for request 0
> 
>   So the redundancy in the "authorize" section works.
> 
> > rlm_ldap::ldap_groupcmp: Search returned error
> 
>   You're using the LDAP-Group attribute, which is set to use svr1,
> which is down.  There's currently no fail-over for the LDAP-Group
> attribute.
> 

I dig, that's kind of what I thought (even if I didn't word it correctly).
Thanks for your help!

Jason

>   Alan DeKok.
> 
> 
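
The diagnosis reached in this thread can be reproduced from a debug log. The script below is an added example, not part of the original messages or of FreeRADIUS: it groups the `modcall[...]` results per request and section to show where fail-over happened, and counts `ldap_groupcmp` search errors, which the thread explains have no fail-over. The sample log is constructed from the lines quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, assembled from the debug lines quoted in this thread.
SAMPLE_LOG = '''\
  modcall[authorize]: module "svr1" returns fail for request 0
  modcall[authorize]: module "svr3" returns fail for request 0
  modcall[authorize]: module "svr2" returns ok for request 0
rlm_ldap::ldap_groupcmp: Search returned error
'''

# Matches the per-module result lines shown in the thread.
MODCALL = re.compile(
    r'modcall\[(?P<section>\w+)\]: module "(?P<module>[^"]+)" '
    r'returns (?P<rcode>\w+) for request (?P<req>\d+)')
GROUPCMP_ERR = "rlm_ldap::ldap_groupcmp: Search returned error"


def summarize(log_text):
    """Return (attempts, groupcmp_errors).

    attempts maps (request, section) -> ordered [(module, rcode), ...].
    groupcmp_errors counts LDAP-Group lookups that failed outright.
    """
    attempts = defaultdict(list)
    groupcmp_errors = 0
    for line in log_text.splitlines():
        m = MODCALL.search(line)
        if m:
            key = (int(m["req"]), m["section"])
            attempts[key].append((m["module"], m["rcode"]))
        elif GROUPCMP_ERR in line:
            groupcmp_errors += 1
    return dict(attempts), groupcmp_errors


def failed_over(chain):
    """True when an earlier module failed and a later one returned ok."""
    rcodes = [rcode for _, rcode in chain]
    return "ok" in rcodes and "fail" in rcodes[:rcodes.index("ok")]


if __name__ == "__main__":
    attempts, errors = summarize(SAMPLE_LOG)
    for (req, section), chain in attempts.items():
        note = "fail-over worked" if failed_over(chain) else "no fail-over seen"
        print(f"request {req} [{section}]: {chain} -> {note}")
    print(f"ldap_groupcmp search errors (no fail-over): {errors}")
```
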