FreeRADIUS v1.0.4, rlm_ldap module, and redundancy
Dusty Doris
freeradius at mail.doris.cc
Wed Jul 13 22:46:17 CEST 2005
>
> authorize {
> redundant {
> svr1
> svr3
> svr2
> notfound = return
> }
> files
> }
>
> authenticate {
> Auth-Type LDAP {
> redundant { # wasn't sure if this was necessary
> svr1
> svr3
> svr2
> }
> }
> }
>
> I test by simulating a failure of svr1 using:
>
> route add -host <svr1 IP> 127.0.0.1 -blackhole
>
> Svr3 happens to be down for maintenance at the moment
>
> Thanks for any help,
> Jason
>
> Log:
>
> rad_recv: Access-Request packet from host x.x.x.x:3104, id=14, length=54
> User-Name = "username"
> User-Password = "XXXXX"
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall: entering group redundant for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for usersname
> radius_xlat: 'XXXXXXXX'
> radius_xlat: 'XXXXXXXX'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to <svr1 IP>, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: setting TLS CACert File to /path/to/cacert.pem
> rlm_ldap: bind as XXXXXXXX to XXXXXXXXXXXX
> rlm_ldap: XXXXXXXXXX bind to XXXXXXXXXXX failed: Can't contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "svr1" returns fail for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for username
> radius_xlat: 'XXXXXXXXXXXXXXXXXXX'
> radius_xlat: 'XXXXXXXXXXXXXXXXXXX'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to <svr3 IP>, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: setting TLS CACert File to /path/to/cacert.pem
> rlm_ldap: bind as XXXXXXXXXX to XXXXXXXXXXXXXX
> rlm_ldap: XXXXXXXXXXXx bind to XXXXXXXXXXXXXXX failed: Can't contact LDAP
> server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "svr3" returns fail for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for username
> radius_xlat: 'XXXXXXXXXXXXXXXxxxxxx'
> radius_xlat: 'XXXXXXXXXXXXXXXXXXXXX'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to <svr2 IP>, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: setting TLS CACert File to /path/to/cacert.pem
> rlm_ldap: bind as XXXXXXXXX to XXXXXXXXXXXXXXXX
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in XXXXXXXXXXXXXXXXXX, with filter
> (&(XXXXXXXX)(XXXXXXXXXX))
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user username authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "svr2" returns ok for request 0
> modcall: group redundant returns ok for request 0
> radius_xlat: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
> rlm_ldap: Entering ldap_groupcmp()
> radius_xlat: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
> radius_xlat: '(&(objectClass=group)(member=XXXXXXXXXXXXXXXXXXXXXXXXXXXX))'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to <svr1 IP>, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: setting TLS CACert File to /path/to/cacert.pem
> rlm_ldap: bind as XXXXXXXXXXXXXXXXXXXXXX to XXXXXXXXXXXXXXXXXXXXXXXx
> rlm_ldap: XXXXXXXXXXXXXXXXXXXX bind to XXXXXXXXXXXXXXXXXXXXXXXX Can't
> contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> rlm_ldap::ldap_groupcmp: Search returned error
> radius_xlat: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXX'
> rlm_ldap: Entering ldap_groupcmp()
> radius_xlat: 'XXXXXXXXXXXXXXXXXXXXXXXXX'
> radius_xlat:
> '(&(objectClass=group)(member=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxx))'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to <svr1 IP>, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: setting TLS CACert File to /path/to/cacert.pem
> rlm_ldap: bind as XXXXXXXXXXXXXXXXXXXXX to XXXXXXXXXXXXXXXXXXXXXXXX
> rlm_ldap: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX bind to XXXXXXXXXXXXXXXXXXXXXXXX
> failed: Can't contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> rlm_ldap::ldap_groupcmp: Search returned error
> users: Matched entry DEFAULT at line 224
> modcall[authorize]: module "files" returns ok for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type Reject
> rad_check_password: Auth-Type = Reject, rejecting user
> auth: Failed to validate the user.
> Login incorrect: [username] (from client client port 0)
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 14 to x.x.x.x:3104
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 14 with timestamp 42d548f0
> Nothing to do. Sleeping until we see a request.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list