FreeRADIUS v1.0.4, rlm_ldap module, and redundancy

Dusty Doris freeradius at mail.doris.cc
Wed Jul 13 22:46:17 CEST 2005 

>
> authorize {
>     redundant {
>         svr1
>         svr3
>         svr2
> 	  notfound = return
>     }
>     files
> }
>
> authenticate {
>     Auth-Type LDAP {
>         redundant {		# wasn't sure if this was necessary
>             svr1
>             svr3
>             svr2
>         }
>     }
> }
>
> I test by simulating a failure of svr1 using:
>
> route add -host <svr1 IP> 127.0.0.1 -blackhole
>
> Svr3 happens to be down for maintenance at the moment
>
> Thanks for any help,
> Jason
>
> Log:
>
> rad_recv: Access-Request packet from host x.x.x.x:3104, id=14, length=54
>         User-Name = "username"
>         User-Password = "XXXXX"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
> modcall: entering group redundant for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for usersname
> radius_xlat:  'XXXXXXXX'
> radius_xlat:  'XXXXXXXX'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to <svr1 IP>, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: setting TLS CACert File to /path/to/cacert.pem
> rlm_ldap: bind as XXXXXXXX to XXXXXXXXXXXX
> rlm_ldap: XXXXXXXXXX bind to XXXXXXXXXXX failed: Can't contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "svr1" returns fail for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for username
> radius_xlat:  'XXXXXXXXXXXXXXXXXXX'
> radius_xlat:  'XXXXXXXXXXXXXXXXXXX'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to <svr3 IP>, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: setting TLS CACert File to /path/to/cacert.pem
> rlm_ldap: bind as XXXXXXXXXX to XXXXXXXXXXXXXX
> rlm_ldap: XXXXXXXXXXXx bind to XXXXXXXXXXXXXXX failed: Can't contact LDAP
> server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "svr3" returns fail for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for username
> radius_xlat:  'XXXXXXXXXXXXXXXxxxxxx'
> radius_xlat:  'XXXXXXXXXXXXXXXXXXXXX'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to <svr2 IP>, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: setting TLS CACert File to /path/to/cacert.pem
> rlm_ldap: bind as XXXXXXXXX to XXXXXXXXXXXXXXXX
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in XXXXXXXXXXXXXXXXXX, with filter
> (&(XXXXXXXX)(XXXXXXXXXX))
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user username authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "svr2" returns ok for request 0
> modcall: group redundant returns ok for request 0
> radius_xlat:  'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
> rlm_ldap: Entering ldap_groupcmp()
> radius_xlat:  'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
> radius_xlat:  '(&(objectClass=group)(member=XXXXXXXXXXXXXXXXXXXXXXXXXXXX))'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to <svr1 IP>, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: setting TLS CACert File to /path/to/cacert.pem
> rlm_ldap: bind as XXXXXXXXXXXXXXXXXXXXXX to XXXXXXXXXXXXXXXXXXXXXXXx
> rlm_ldap: XXXXXXXXXXXXXXXXXXXX bind to XXXXXXXXXXXXXXXXXXXXXXXX Can't
> contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> rlm_ldap::ldap_groupcmp: Search returned error
> radius_xlat:  'XXXXXXXXXXXXXXXXXXXXXXXXXXXX'
> rlm_ldap: Entering ldap_groupcmp()
> radius_xlat:  'XXXXXXXXXXXXXXXXXXXXXXXXX'
> radius_xlat:
> '(&(objectClass=group)(member=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxx))'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to <svr1 IP>, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: setting TLS CACert File to /path/to/cacert.pem
> rlm_ldap: bind as XXXXXXXXXXXXXXXXXXXXX to XXXXXXXXXXXXXXXXXXXXXXXX
> rlm_ldap: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX bind to XXXXXXXXXXXXXXXXXXXXXXXX
> failed: Can't contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> rlm_ldap::ldap_groupcmp: Search returned error
>     users: Matched entry DEFAULT at line 224
>   modcall[authorize]: module "files" returns ok for request 0
> modcall: group authorize returns ok for request 0
>   rad_check_password:  Found Auth-Type Reject
>   rad_check_password: Auth-Type = Reject, rejecting user
> auth: Failed to validate the user.
> Login incorrect: [username] (from client client port 0)
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 14 to x.x.x.x:3104
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 14 with timestamp 42d548f0
> Nothing to do.  Sleeping until we see a request.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list