Redundant Load Balanced LDAP authentication fails when Primary is down

tnt at kalik.net
Wed Apr 8 08:00:30 CEST 2009


>I have two freeradius v2.1.3-1 servers set up to run with redundant load balancing with two Windows Active Directory LDAP servers for authentication. When the LDAP servers are running, the radius will load-balance between them and authenticate fine. If I shut the primary LDAP server down, radius doesn't authenticate properly against the second LDAP server. I have tested the secondary LDAP as the primary in the radius configuration and it works fine. If I change the radius config to have a bogus primary name, it will then authenticate with the secondary fine. But when it has the correct name and the primary is down, the authentication fails. I believe it may have something to do with ntlm_auth, but I don't understand why, as in the other test instances with the bogus name it works. Below is the LDAP portion of my server along with a part of the debug of what happens when I shut down the primary LDAP server. If anyone has any suggestions it would be much appreciated.
>

ntlm_auth is pointing to the first DC. If you give the bogus name, the DC is
still working (and so is ntlm_auth). When you bring it down, ntlm_auth
stops working. You need to build in redundancy on the Samba side. See
their documentation on how to configure backup DCs.

Ivan Kalik
Kalik Informatika ISP



