Hi, at the moment i trying to get my ldap authetication working with redundant ldap directorys. I made a second ldap modul and the following entry at the authentication part Redundant{ ldap1 ldap2 } I fired up an second ldap directoy which is replicated by first one. My problem is that if i kill ldap1 i cant get an result from ldap2. Bit the database and directory is the same! rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 192.168.1.4:389, authentication 0 rlm_ldap: bind as cn=freeradius,ou=admins,ou=radius,dc=XXX,dc=de/freeradius to 192.168.1.4:389 rlm_ldap: cn=freeradius,ou=admins,ou=radius,dc=XXX,dc=de bind to 192.168.1.4:389 failed: Can't contact LDAP server rlm_ldap: (re)connection attempt failed rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap1" returns fail for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for Notebook-XXX.de radius_xlat: '(&(uid=Notebook-AK.XXX.de)(objectclass=radiusprofile))' radius_xlat: 'ou=users,ou=radius,dc=XXX,dc=de' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 192.168.1.5:389, authentication 0 rlm_ldap: bind as cn=freeradius,ou=admins,ou=radius,dc=XXX,dc=de/freeradius to 192.168.1.5:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=users,ou=radius,dc=XXX,dc=de, with filter (&(uid=Notebook-AK.XXX.de)(objectclass=radiusprofile)) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap2" returns notfound for request 0 modcall: group redundant returns notfound for request 0 modcall: group authorize returns updated for request 0 The second problem is that if both ldap1 an d ldap2 are down the eap-tls modul which is for authorisation goes on and authenticates the user.. How can i change that that? I want to configure the server,that if ldap failes the whole process fails and the user is rejected. What will i have to add to my redundant part? Hope this is understandable? Mit freundlichen Grüßen Armin