redundant LDAP server with free-radius

Alexei Monastyrnyi <alexeim@orcsoftware.com> · Thu, 01 Feb 2007 13:13:39 +0100

Folks,
sorry for bringing this up again.

I am running FreeRADIUS 1.1.4 and OpenLDAP 2.3.32 on two Solaris10/x86 

hosts.

Non-redundant config works fine with FreeRADIUS and OpenLDAP on a single 

host.

modules {
   ldap {
   ....
   }
}

authorize {
...
       ldap
}

authenticate {
...
       Auth-Type LDAP {
               ldap
       }
}

When I use a redundant config as per instruction in docs, I have the 

"auth: No authenticate method (Auth-Type) configuration found for the 

request: Rejecting the user" in debugs and user is rejected. Please see 

config and debug output below. I guess I am mussing some fine detail 

here. Your help would be highly appreciated.

modules {
   ldap ds-01 {
   ....
   }
   ldap ds-02 {
   ....
   }
}

authorize {
...
       redundant {
               ds-02
               ds-01
       }
}

authenticate {
...
       Auth-Type LDAP {
               redundant {
                       ds-02
                       ds-01
               }
       }
}

Debug output

rad_recv: Access-Request packet from host 1.1.1.1:3283, id=29, length=47
       User-Name = "qwer"
       User-Password = "qwer"
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module "preprocess" returns ok for request 0
 modcall[authorize]: module "mschap" returns noop for request 0
   rlm_realm: No '@' in User-Name = "qwer", looking up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for request 0
modcall: entering group redundant  for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for qwer
radius_xlat:  '(&(objectClass=posixAccount)(l=*)(uid=qwer))'
radius_xlat:  'dc=my,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as / to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful

rlm_ldap: performing search in dc=my,dc=com, with filter 

(&(objectClass=posixAccount)(l=*)(uid=qwer))

rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user alexeim authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
 modcall[authorize]: module "ds-02" returns ok for request 0
modcall: leaving group redundant  (returns ok) for request 0
modcall: leaving group authorize (returns ok) for request 0

auth: No authenticate method (Auth-Type) configuration found for the 

request: Rejecting the user

auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0

TIA
A.