Help with complex redundant LDAP setup

Alan DeKok aland at deployingradius.com
Tue Mar 11 15:52:12 CET 2008


Capelle, Mark (PCMC-GB) wrote:
> Now the authentication part is where is becomes complicated.

  Nope.  Just list "srv1-sitea" and "srv1-siteb" in the authenticate
section.  If the server is up (and was used) for the authorize query, it
had better be up for the authentication portion.

> I am sure there is probably an easy way to accomplish this so that for
> each OU ("site") it uses both LDAP servers ("srv1","srv2") in a
> redundant fashion, but how to do it is something I am having a heck of a
> time figuring out.

  You do not want to do redundancy AND redundancy.  That's redundant.

  Just do one level of redundancy, in the "authorize" section.  The
correct module will then be picked for the "authenticate" section.
There's no need to set up another level of redundancy.

  Alan DeKok.



More information about the Freeradius-Users mailing list