<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><span lang="EN-US">Hello,</span><BR><span lang="EN-US">I'm
running a FreeRADIUS server 2.1.12 on an Ubuntu 13.04 VM. The login
with 802.1 works perfectly. I'm using a Windows LDAP server for the
login and want to add a second LDAP server for failover. I'm
following the tutorials to set up my FreeRADIUS server: <b><a href="http://deployingradius.com/" target="_blank">Click</a></b>. I can't find a suitable tutorial for adding a second LDAP server for failover. </span><span lang="EN">Which files are responsible for the integration of a second LDAP server? </span>These are my current settings:<BR>
<BR><b>/etc/freeradius/modules/ldap</b>:<BR> <BR><span lang="EN-US">ldap <b>ldap1</b> {</span><BR><span lang="EN-US"> server = "serv01.xyz.local"</span><BR>
<span lang="EN-US"> basedn = "dc=xyz,dc=local"</span><BR><span lang="EN-US"> filter = "(uid=%{%{Stripped-User-Name}:<wbr>-%{User-Name}})"</span><BR>
<span lang="EN-US"> ldap_connections_number = 5</span><BR><span lang="EN-US"> timeout = 4</span><BR><span lang="EN-US"> timelimit = 3</span><BR>
<span lang="EN-US"> net_timeout = 1</span><BR><span lang="EN-US"> </span><BR><span lang="EN-US"> tls {</span><BR>
<span lang="EN-US"> start_tls = no</span><BR><span lang="EN-US"> }</span><BR><span lang="EN-US"> dictionary_mapping = ${confdir}/ldap.attrmap</span><BR>
<span lang="EN-US"> edir_account_policy_check = no</span><BR><span lang="EN-US"> </span><BR><span lang="EN-US"> set_auth_type = no</span><BR>
<span lang="EN-US"> keepalive {</span><BR><span lang="EN-US"> # LDAP_OPT_X_KEEPALIVE_IDLE</span><BR><span lang="EN-US"> idle = 60</span><BR>
<span lang="EN-US"> </span><BR><span lang="EN-US"> # LDAP_OPT_X_KEEPALIVE_PROBES</span><BR><span lang="EN-US"> probes = 3</span><BR>
<span lang="EN-US"> </span><BR><span lang="EN-US"> # LDAP_OPT_X_KEEPALIVE_INTERVAL</span><BR><span lang="EN-US"> </span>interval = 3<BR>
}<BR>}<BR> <BR><span lang="EN-US">ldap <b>ldap2</b> {</span><BR><span lang="EN-US"> server = "serv02.xyz.local"</span><BR>
<span lang="EN-US"> basedn = "dc=xyz,dc=local"</span><BR><span lang="EN-US"> filter = "(uid=%{%{Stripped-User-Name}:<wbr>-%{User-Name}})"</span><BR>
<span lang="EN-US"> ldap_connections_number = 5</span><BR><span lang="EN-US"> timeout = 4</span><BR><span lang="EN-US"> timelimit = 3</span><BR>
<span lang="EN-US"> net_timeout = 1</span><BR><span lang="EN-US"> </span><BR><span lang="EN-US"> tls {</span><BR>
<span lang="EN-US"> start_tls = no</span><BR><span lang="EN-US"> </span><BR><span lang="EN-US"> }</span><BR><span lang="EN-US"> </span><BR>
<span lang="EN-US"> dictionary_mapping = ${confdir}/ldap.attrmap</span><BR><span lang="EN-US"> edir_account_policy_check = no</span><BR>
<span lang="EN-US"> set_auth_type = no</span><BR><span lang="EN-US"> </span><BR><span lang="EN-US"> keepalive {</span><BR><span lang="EN-US"> # LDAP_OPT_X_KEEPALIVE_IDLE</span><BR>
<span lang="EN-US"> idle = 60</span><BR><span lang="EN-US"> </span><BR><span lang="EN-US"> # LDAP_OPT_X_KEEPALIVE_PROBES</span><BR>
<span lang="EN-US"> probes = 3</span><BR><span lang="EN-US"> </span><BR><span lang="EN-US"> # LDAP_OPT_X_KEEPALIVE_INTERVAL</span><BR>
<span lang="EN-US"> </span>interval = 3<BR> }<BR>}<BR> <BR><b>/etc/samba/smb.conf</b>:<BR>
<BR>[global]<BR>workgroup = XYZ<BR> dns proxy = no<BR> <BR> security = ads<BR>
<span lang="EN-US">password server = serv01.xyz.local </span><BR><span lang="EN-US"> password server = serv02.xyz.local</span><BR><span lang="EN-US">winbind separator = +</span><BR>
<span lang="EN-US"> </span><BR><span lang="EN-US"> </span><BR><b><span lang="EN-US">/etc/freeradius/sites-enabled/<wbr>inner-tunnel:</span></b><BR>
<span lang="EN-US"> </span><BR><span lang="EN-US">authenticate {</span><BR><span lang="EN-US">ntlm_auth</span><BR><span lang="EN-US">…</span><BR>
<span lang="EN-US"> </span><BR><span lang="EN-US"> </span><BR><span lang="EN-US"><b>/etc/freeradius/sites-enabled/<wbr>default:</b></span><BR><span lang="EN-US"> </span><BR>
<span lang="EN-US">authenticate {</span><BR><span lang="EN-US">ntlm_auth</span><BR><span lang="EN-US">…</span><BR><span lang="EN-US"> </span><BR>
<b><span lang="EN-US">/etc/freeradius/users:</span></b><BR><span lang="EN-US">DEFAULT <wbr> Auth-Type = ntlm_auth</span><BR><span lang="EN-US"> </span><BR>
<span lang="EN-US">Thanks for the help!</span><BR><span lang="EN-US">BeliarsFire</span><BR> </div></body>
</html>