redundant LDAP server with free-radius

Alexei Monastyrnyi alexeim at
Fri Feb 2 09:49:57 CET 2007

got you, mate

I was a kind of confused by

authenticate {
        Auth-Type MS-CHAP {

Looking at this makes things more clear.

modules {
        mschap {
                authtype = MS-CHAP

Still, "Failover" is a kind of inconsistent/incomplete without pointing 
this out (thought it is an indirect detail). Other parts of doc might 
well have a reference to that, but IMO it is worth referring to this on 
failover page, doc is supposed to help people getting answers ... People 
might never come to renaming module instances but for redundancy. Since 
it is Wiki, I can probably update it by adding ~200-300 bytes of text 
and in case you won't like it, you can always roll back.


on 2/1/2007 4:55 PM Alan DeKok wrote:
> Alexei Monastyrnyi wrote:
>> this works as expected, though it is not that obvious that Auth-Type 
>> name refers to module name, and not just names the method...
>   It defines the method, but doesn't make the module set Auth-Type to
> that method.
>> Or I might 
>> have missed that from the documentation. Anyway, "fail-over" section 
>> does not reflect this IMO. Not a note of "authenticate" sub-section at 
>> all... should it be updated?
>   Modules having "authenticate" sections automatically have Auth-Type
> definitions created based on their name.  This is normally the module
> name (i.e. LDAP), unless the module has an *instance* name, in which
> case it's the instance name.
>   The LDAP module sets "Auth-Type" to it's *instance* name, not to
> "LDAP".  That appears to be the piece you're missing.
>   This has nothing to do with failover.
>   Alan DeKok.
> --
>       - The web site of the book
> - The blog

More information about the Freeradius-Users mailing list