load balancing and if statements

Scott McLane Gardner sgardne at uark.edu
Mon Mar 26 20:46:22 CEST 2012


FR 2.1.10 on Linux

I want to load balance my LDAP servers, but I also want to do some
checking for group membership. Reading the documentation at
http://wiki.freeradius.org/Load-balancing#Interaction+with+%22if%22+and+%22
else%22 makes me think I can use if and elsif statements in a load
balancing block, as long as the rules in the table are followed. However,
when I try to do this, I get the following errors in my log:

>/etc/freeradius/sites-enabled/default[173]: load-balance sections cannot
>contain a "if" statement

Here is the configuration I am attempting:

>    load-balance {
>        ldap1
>
>        if (Ldap-Group == "NET Staff") {
>            if (NAS-IP-Address == "10.52.6.5" || NAS-IP-Address ==
>"10.52.6.4") {
>                update reply {
>                    Passport-Access-Priority = 6
>                }
>            }
>        }
>        # Reject everyone else to the routers
>        elsif (NAS-IP-Address == "10.52.6.5" || NAS-IP-Address ==
>"10.52.6.4" || NAS-IP-Address == "10.51.0.1" || NAS-IP-Address ==
>"10.51.0.2") {
>                reject
>        }
>
>        ldap2
>
>        if (Ldap-Group == "NET Staff") {
>            if (NAS-IP-Address == "10.52.6.5" || NAS-IP-Address ==
>"10.52.6.4") {
>                update reply {
>                    Passport-Access-Priority = 6
>                }
>            }
>        }
>        # Reject everyone else to the routers
>        elsif (NAS-IP-Address == "10.52.6.5" || NAS-IP-Address ==
>"10.52.6.4" || NAS-IP-Address == "10.51.0.1" || NAS-IP-Address ==
>"10.51.0.2") {
>                reject
>        }
>    }


If I can't use if statements in a load balance block, can anyone suggest
another way to go about accomplishing what I want to do here?

Thank you,
Scott



More information about the Freeradius-Users mailing list