1 freeradius with 2 openldap (multi master)

François Mehault Francois.Mehault at netplus.fr
Tue Jun 2 11:30:08 CEST 2009


Well, I read the documentation, but I haven't succeeded in fixing my problem, and I don't know if the solution is in this documentation:

I use the redundant attribute, and we can read:

"
    * redundant{...} and append{...} are just shortcuts. You could write

        group {
            sql1 {
                fail = 1
                notfound = 2
                noop = return
                ok = return
                updated = return
                reject = return
                userlock = return
                invalid = return
                handled = return
            }
            sql2 {
                fail = 1
                notfound = 2
                noop = return
                ok = return
                updated = return
                reject = return
                userlock = return
                invalid = return
                handled = return
            }
        }

    instead of

        redundant {
            sql1
            sql2
        }

    but the latter is just a whole lot easier to read."

When I use redundant, I understand it's equivalent to having groups that are failable. My problem is that I have failover between two LDAPs, and if the first LDAP is used, it works because I have:

Sending Access-Accept of id 93 to 192.168.0.50 port 1812
        Reply-Message = "Utilisateur: fmehault, group: Administrateur"
        Cisco-AVPair = "shell:priv-lvl=15"
        Service-Type = NAS-Prompt-User
          Finished request 0.

And if the first failed, the second LDAP is used, so we can say that it works, but it fails because I have:

Sending Access-Accept of id 94 to 192.168.0.50 port 1812 Finished request 0.

It fails because the Access-Accept was built without Cisco-AVPair = "shell:priv-lvl=15" and Service-Type = NAS-Prompt-User. And I don't know why; I don't understand.

Thanks Alan for your help. I will continue to read the failover documentation; maybe there is something that I missed. If someone has another lead...

Regards,

François


-----Original Message-----
From: freeradius-users-bounces+francois.mehault=netplus.fr at lists.freeradius.org [mailto:freeradius-users-bounces+francois.mehault=netplus.fr at lists.freeradius.org] On behalf of A.L.M.Buxey at lboro.ac.uk
Sent: Friday 29 May 2009 18:04
To: FreeRadius users mailing list
Subject: Re: 1 freeradius with 2 openldap (multi master)

Hi,

> And now, if I start radiusd and slapd on server A and not on server B, it works. And if I stop slapd on server A, and start slapd on server B, it doesn't work. It's maybe a lead...

this is documented

http://wiki.freeradius.org/Fail-over


you need the group to be failable etc

alan
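A configuration sketch, added here as an example and not taken from this thread or from the FreeRADIUS project's own files: two rlm_ldap instances (hypothetical names ldap1 and ldap2, placeholder server names and base DN) wrapped in a redundant block, with the Cisco-AVPair and Service-Type reply items assigned in post-auth in a way that does not depend on which instance answered. It assumes FreeRADIUS 2.x, where each ldap instance registers its own group-check attribute (Ldap-Group for an instance named ldap, otherwise <instance>-Ldap-Group), and it assumes the reply items are granted by membership in the Administrateur group; nothing in the thread confirms that this is the cause of the missing attributes, so the sketch shows a setup that works for either instance rather than a diagnosis.

```unlang
# Added example, not from the thread.  Instance names, servers and the
# base DN are placeholders; the group name "Administrateur" and the
# reply items come from the Access-Accept shown in the message above.

# --- modules/ldap: two instances of rlm_ldap (hypothetical names) ---
ldap ldap1 {
        server = "ldap-a.example.net"          # placeholder
        basedn = "dc=example,dc=net"           # placeholder
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        groupname_attribute = cn
        groupmembership_filter = "(member=%{control:Ldap-UserDn})"
        # Short timeouts so a dead server returns "fail" quickly and the
        # redundant block moves on to the next instance.
        timeout = 4
        timelimit = 3
        net_timeout = 1
        dictionary_mapping = ${confdir}/ldap.attrmap
}

ldap ldap2 {
        server = "ldap-b.example.net"          # placeholder
        basedn = "dc=example,dc=net"           # placeholder
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        groupname_attribute = cn
        groupmembership_filter = "(member=%{control:Ldap-UserDn})"
        timeout = 4
        timelimit = 3
        net_timeout = 1
        dictionary_mapping = ${confdir}/ldap.attrmap
}

# --- sites-enabled/default ---
authorize {
        preprocess
        # "fail" from ldap1 (server down) makes the redundant block try
        # ldap2; any other result returns from the block.
        redundant {
                ldap1
                ldap2
        }
}

authenticate {
        # Only reached if the ldap instance set Auth-Type := LDAP in
        # authorize (no password attribute readable from the directory).
        Auth-Type LDAP {
                redundant {
                        ldap1
                        ldap2
                }
        }
}

post-auth {
        # Each 2.x ldap instance registers its own group-check attribute
        # (ldap1-Ldap-Group, ldap2-Ldap-Group).  Testing both means the
        # reply items are added whichever server answered the request.
        if (ldap1-Ldap-Group == "Administrateur" || ldap2-Ldap-Group == "Administrateur") {
                update reply {
                        Cisco-AVPair := "shell:priv-lvl=15"
                        Service-Type := NAS-Prompt-User
                        Reply-Message := "Utilisateur: %{User-Name}, group: Administrateur"
                }
        }
}
```

Running radiusd -X with the first server stopped should now show the same Cisco-AVPair and Service-Type lines in the Access-Accept as when the first server is up; if they are still missing, the debug output around the ldap2 group check shows which comparison did not match.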