Load-balance and Auth-Type
Evil I_Am
evil_ftw at hotmail.com
Wed Mar 22 11:20:33 CET 2006
Hi all
I have this scenario: 2 radius servers must point to 2 ldap servers with a
load-balancing and fault-tolerant configuration.
I tried to implement this on one of the radius servers this way:
modules {
    ldap ldap1 {
        ...........
        authtype = ldap   # added later but seems not to work
    }
    ldap ldap2 {
        ...........
        authtype = ldap   # added later but seems not to work
    }
}

authorize {
    preprocess
    load-balance {   # between the two redundant sections below
        redundant {
            ldap1
            ldap2
        }
        redundant {
            ldap2
            ldap1
        }
    }
}

authenticate {
    Auth-Type LDAP {
        load-balance {   # between the two redundant sections below
            redundant {
                ldap1
                ldap2
            }
            redundant {
                ldap2
                ldap1
            }
        }
    }
}
but if I try to authenticate a user I see this in debug:
rad_recv: Access-Request packet from host XXX.XXX.XXX.XXX:25702, id=169,
length=77
User-Name = "XXXXXX"
User-Password = "XXXXXX"
NAS-IP-Address = XXX.XXX.XXX.XXX
NAS-Identifier = "login"
NAS-Port = 24677
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall: entering load-balance group for request 0
modcall: entering group redundant for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for XXX
radius_xlat: '(uid=XXX)'
radius_xlat: 'dc=XXXXXXX,dc=XX'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to XXX.XXX.XXX.XXX:389, authentication 0
rlm_ldap: bind as / to XXX.XXX.XXX.XXX:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=XXXXXXX,dc=XX, with filter (uid=XXX)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusServiceType as Service-Type, value Shell-User & op=11
rlm_ldap: extracted attribute Cisco-AVPair from generic item
cisco-avpair="shell:priv-lvl=15"
rlm_ldap: user futhwo authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap1" returns ok for request 0
modcall: leaving group redundant (returns ok) for request 0
modcall: load-balance group returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 169 to XXX.XXX.XXX.XXX port 25702
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 169 with timestamp 44212404
Nothing to do. Sleeping until we see a request.
If I keep only 1 module, call it simply ldap and give up on load balancing,
everything works OK. How can I resolve this issue?