Question regarding redundant-load-balance

Sebastian Hagedorn Hagedorn at uni-koeln.de
Thu Apr 23 14:51:37 CEST 2015


Hi,

we've been using freeradius for many years, but now we're setting up new 
servers (3.0.8 as of today) and I'm testing configuration options we've 
never used before. Currently I'm trying to figure out how to achieve 
maximum resilience using LDAP backends. We're using LDAP the "right" way, 
i.e. we query for the password during authorize. That works just fine.

Here's the problem: I'm trying to use redundant-load-balance like this - I 
set up separate modules with one LDAP server each:

        #
        #  The ldap module reads passwords from the LDAP database.
        #
        redundant-load-balance {
                rrzk-ldap-centos
                rrzk-ldap-mailldap
        }

If both LDAP servers are up when I start radiusd, all is well, even if I 
stop one of the LDAP servers later. But if one of them is down during 
startup of radiusd, this happens:

# radiusd -X
...
rlm_ldap (rrzk-ldap-centos): Initialising connection pool
   pool {
   	start = 5
   	min = 4
   	max = 32
   	spare = 3
   	uses = 0
   	lifetime = 0
   	cleanup_interval = 30
   	idle_timeout = 60
   	retry_delay = 1
   	spread = no
   }
rlm_ldap (rrzk-ldap-centos): Opening additional connection (0), 1 of 32 
pending slots used
rlm_ldap (rrzk-ldap-centos): Connecting to ldap://redacted:389
rlm_ldap (rrzk-ldap-centos): Could not start TLS: Can't contact LDAP server
rlm_ldap (rrzk-ldap-centos): Opening connection failed (0)
rlm_ldap (rrzk-ldap-centos): Removing connection pool
/etc/raddb/mods-enabled/rrzk-ldap-centos[8]: Instantiation failed for 
module "rrzk-ldap-centos"
#

What do I have to do to make freeradius ignore that it can't instantiate 
the module during startup? Or what else am I doing wrong?

Thanks
Sebastian
-- 
    .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
                 .:.Regionales Rechenzentrum (RRZK).:.
   .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150423/83ddda9d/attachment.bin>


More information about the Freeradius-Users mailing list