How to set properly failover ?

Alexandre Chapellon alexandre.chapellon at mana.pf
Fri Jul 23 21:00:18 CEST 2010


Le vendredi 23 juillet 2010 à 20:09 +0200, Jevos, Peter a écrit :

> Hi alex, thank you for your mail, helped a lot : )
> 
> Now it's working, no idea why and how but working : )
> 
> Here is my config:
> Users:
> 
> DEFAULT          Auth-Type := vpn_auth_name,Huntgroup-Name == "vpn"
>                 Fall-Through = Yes
> 

Setting Auth-Type is discouraged. further more setting 
Auth-Type to a module name sounds like an error to me (but maybe am i
mistaking)

I think you can remove Auth-Type

> Radiusd.conf:
> instantiate {
> 
>                 redundant vpn_auth_name {
>                                 group {
>                         ntlm_auth_vpn1 {
>                         reject = 1
>                         ok = return
>                         }
>                         ntlm_auth_vpn2 {
>                         reject = 1
>                         ok = return
>                         }
>                 }
> 

Why are you using group inside redundant... I'm not sure this is
usefull.
Using ntlm_auth_vpn1 and ntlm_auth_vpn2 should be enough. Look here for
more infos and example of how redundant modules are set:

 http://wiki.freeradius.org/Fail-over

> And the sites-available/default:
> Authenticate {
>   			vpn_auth_name
> 		}
> 
> Thanks , have a nice day
> p	
> 
> 
> -----Original Message-----
> From:
> freeradius-users-bounces+peter.jevos=oriflame.com at lists.freeradius.org
> [mailto:freeradius-users-bounces+peter.jevos=oriflame.com at lists.freeradi
> us.org] On Behalf Of alexandre.chapellon at mana.pf
> Sent: Friday, July 23, 2010 7:44 PM
> To: FreeRadius users mailing list
> Subject: Re: How to set properly failover ?
> 
> This how I do, but it's not the only way and may not feet your needs:
> 
> In radiusd.conf, instantiate a redundant module:
> instantiate {
> ...
>       redundant ha_auth_name {
>                 ntlm_auth_vpn1
>                 ntlm_auth_vpn2
>        }
> ...
> }
> 
> In default sites config, section authorize
> 
> authorize {
> ...
>       ha_auth_name
> ...
> }
> 
> 
> Quite simple and works great here for some other moduls (SQL)
> Hope it helps.
> 
> ---- Message original----
> >Date: Fri, 23 Jul 2010 18:45:30 +0200
> >From:
> freeradius-users-bounces+alexandre.chapellon=mana.pf at lists.freeradius.or
> g (on behalf of "Jevos, Peter" <Peter.Jevos at oriflame.com>)
> >Subject: How to set properly failover ?  
> >To: "FreeRadius users mailing list"
> <freeradius-users at lists.freeradius.org>
> >
> >   Hi guys
> >
> >    
> >
> >   I'm really trying but it's not easy to find
> >   somehitng in the documenatiion.
> >
> >   I have 2 modules ntlm_auth_vpn1/2 and I like to do
> >   failover.
> >
> >   I tried this but I was not sucesfull:
> >
> >    
> >
> >   In the modules I have 2 files, ntlm_auth_vpn1 and
> >   ntlm_auth_vpn2
> >
> >   In the sites-available/default I have:
> >
> >    
> >
> >   #  Allow EAP authentication.
> >
> >           eap
> >
> >           ntlm_auth
> >
> >    
> >
> >           ntlm_auth_vpn {
> >
> >                           group {
> >
> >                                  
> >               ntlm_auth_vpn1 {
> >
> >                          
> >                                           reject = 1
> >
> >                          
> >                                           ok = return
> >
> >                                                  
> >                                   }
> >
> >                                                  
> >   ntlm_auth_vpn2 {
> >
> >                          
> >                                           reject = 1
> >
> >                          
> >                                           ok = return
> >
> >                          
> >                                                          
> >   }
> >
> >                                                   }
> >
> >                         }
> >
> >    
> >
> >   In my users file is:
> >
> >    
> >
> >   DEFAULT          Auth-Type := ntlm_auth_vpn,
> >
> >                                   Fall-Through = Yes
> >
> >    
> >
> >   What should be the correct syntax ?
> >
> >   Freeradius is great tool , however every step
> >   forward is like a childbirth : )
> >
> >   What I'm really missing is what should be placed
> >   where.
> >
> >    
> >
> >   I'd really enjoy the new book .  I hope it will be
> >   released soon : )
> >
> >    
> >
> >   Thanks
> >
> >    
> >
> >   Pet
> >________________
> >-
> >List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100723/b68108b6/attachment.html>


More information about the Freeradius-Users mailing list