I am running freeradius version 2.0.4 and using LDAP against Active Directory. When I have a single LDAP server setup my authentication works great. I am having trouble using the redundant ldap settings. Here is some config data ldap ad01 { server = ocdc01.overstock.com port = 389 identity = "CN=LDAP Bind,OU=Special,OU=OSTK_Accounts,DC=overstock,DC=com" password = xxxxxx basedn = OU=OSTK_Accounts,DC=overstock,DC=com filter = "(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})(objectClass=person)) " ldap_connections_number = 5 timeout = 40 timelimit = 30 net_timeout = 10 tls { start_tls = no } dictionary_mapping = ${confdir}/ldap.attrmap edir_account_policy_check = no groupname_attribute = cn groupmembership_filter ="(|(&(objectClass=group)(member=%{control:Ldap-UserDn}))(&(objec tClass=top)(uniquemember=%{control:Ldap-UserDn})))" groupmembership_attribute = memberOf #ldap_debug = 0xFFFF } ldap ad02 { server = ocdc01.overstock.com port = 389 identity = "CN=LDAP Bind,OU=Special,OU=OSTK_Accounts,DC=overstock,DC=com" password = xxxxxx basedn = OU=OSTK_Accounts,DC=overstock,DC=com filter = "(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})(objectClass=person)) " ldap_connections_number = 5 timeout = 40 timelimit = 30 net_timeout = 10 tls { start_tls = no } dictionary_mapping = ${confdir}/ldap.attrmap edir_account_policy_check = no groupname_attribute = cn groupmembership_filter ="(|(&(objectClass=group)(member=%{control:Ldap-UserDn}))(&(objec tClass=top)(uniquemember=%{control:Ldap-UserDn})))" groupmembership_attribute = memberOf #ldap_debug = 0xFFFF } instantiate { exec expr expiration logintime ldap ad01 ad02 } authorize { preprocess redundant { ad01 { fail = 1 ok = return } ad02 { fail = 1 ok = return } } files expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type LDAP { redundant { ad01 { fail = 1 ok = return } ad02 { fail = 1 ok = return } } } } DEFAULT Ldap-Group == "CN=g.acl.neteng,OU=Groups,OU=OSTK_Accounts,DC=overstock,DC=com" Auth-Type := Accept, Foundry-Privilege-Level = 0, Foundry-Command-String = *, Foundry-Command-Exception-Flag = 0, Foundry-INM-Privilege = 15, Fall-Through = No DEFAULT ad01-Ldap-Group == "CN=g.acl.neteng,OU=Groups,OU=OSTK_Accounts,DC=overstock,DC=com" Auth-Type := Accept, Foundry-Privilege-Level = 0, Foundry-Command-String = *, Foundry-Command-Exception-Flag = 0, Foundry-INM-Privilege = 15, Fall-Through = No DEFAULT ad02-Ldap-Group == "CN=g.acl.neteng,OU=Groups,OU=OSTK_Accounts,DC=overstock,DC=com" Auth-Type := Accept, Foundry-Privilege-Level = 0, Foundry-Command-String = *, Foundry-Command-Exception-Flag = 0, Foundry-INM-Privilege = 15, Fall-Through = No Here is some debug info rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute ad02-Ldap-Group rlm_ldap: Registering ldap_groupcmp for ad02-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ad02 rlm_ldap: Over-riding set_auth_type, as there is no module ad02 listed in the "authenticate" section. rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute ad01-Ldap-Group rlm_ldap: Registering ldap_groupcmp for ad01-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ad01 rlm_ldap: Over-riding set_auth_type, as there is no module ad01 listed in the "authenticate" section. auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Thanks Jason -- Jason Traeden Network Engineer Overstock.com 6350 South 3000 East Salt Lake City, UT 84121 jtraeden@overstock.com Desk 801-947-3889 Cell 801-699-1379