<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Greetings<div><br></div><div>I'm new to RADIUS but have been reading.</div><div><br></div><div>I have a FreeRADIUS server running on Ubuntu 11; my users file is an LDAP server, which works great. My question is:</div><div><br></div><div>How can I search an alternate LDAP server for user credentials?</div><div>If the first LDAP search fails, try the next server in line. </div><div><br></div><div>I found some documentation:</div><div>* <a href="http://freeradius.org/radiusd/doc/ldap_howto.txt">http://freeradius.org/radiusd/doc/ldap_howto.txt</a> does not mention a second server.</div><div>* <a href="http://freeradius.org/radiusd/doc/configurable_failover">http://freeradius.org/radiusd/doc/configurable_failover</a> explains the redundant setup for SQL accounting. </div><div><br></div><div>So far I tried adding the second LDAP server; its info is read during module load -- no errors. The problem is, only one of the LDAP systems contains the correct info. So one WILL fail and the other will pass. </div><div>With that being said, how do I configure my server to pass if either system returns "ok"? 
Currently it will fail even if one LDAP system returns good.</div><div><br></div><div><div>authorize {</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>preprocess</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>chap</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>mschap</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>digest</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>suffix</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>eap {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ok = return</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>files</div><div><br></div><div> redundant {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ldap1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ldap2</div><div> <span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>expiration</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>logintime</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>pap</div><div><br></div><div>#<span class="Apple-tab-span" style="white-space:pre"> </span>Autz-Type Status-Server {</div><div>#</div><div>#<span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div>}</div></div><div><br></div><div><div>authenticate {</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Auth-Type PAP {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>pap</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Auth-Type CHAP {</div><div><span 
class="Apple-tab-span" style="white-space:pre"> </span>chap</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Auth-Type MS-CHAP {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>mschap</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>digest</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>#</div><div><span class="Apple-tab-span" style="white-space:pre"> </span># Pluggable Authentication Modules.</div><div>#<span class="Apple-tab-span" style="white-space:pre"> </span>pam</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>unix</div><div><span class="Apple-tab-span" style="white-space:pre"> </span></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Auth-Type LDAP {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ldap1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ldap2</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>eap</div><div><br></div><div>#<span class="Apple-tab-span" style="white-space:pre"> </span>Auth-Type eap {</div><div>#<span class="Apple-tab-span" style="white-space:pre"> </span>eap {</div><div>#<span class="Apple-tab-span" style="white-space:pre"> </span>handled = 1 </div><div>#<span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div>#<span class="Apple-tab-span" style="white-space:pre"> </span>if (handled && (Response-Packet-Type == Access-Challenge)) {</div><div>#<span class="Apple-tab-span" style="white-space:pre"> 
</span>attr_filter.access_challenge.post-auth</div><div>#<span class="Apple-tab-span" style="white-space:pre"> </span>handled # override the "updated" code from attr_filter</div><div>#<span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div>#<span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div>}</div></div><div><br></div><div><br></div><div>Any assistance would be helpful.</div><div>-j</div></body></html>