redundant LDAP server with free-radius
Alexei Monastyrnyi
alexeim at orcsoftware.com
Fri Feb 2 09:49:57 CET 2007
got you, mate
I was a kind of confused by
authenticate {
Auth-Type MS-CHAP {
mschap
}
Looking at this makes things more clear.
modules {
mschap {
authtype = MS-CHAP
Still, "Failover" is a kind of inconsistent/incomplete without pointing
this out (thought it is an indirect detail). Other parts of doc might
well have a reference to that, but IMO it is worth referring to this on
failover page, doc is supposed to help people getting answers ... People
might never come to renaming module instances but for redundancy. Since
it is Wiki, I can probably update it by adding ~200-300 bytes of text
and in case you won't like it, you can always roll back.
A.
on 2/1/2007 4:55 PM Alan DeKok wrote:
> Alexei Monastyrnyi wrote:
>
>> this works as expected, though it is not that obvious that Auth-Type
>> name refers to module name, and not just names the method...
>>
>
> It defines the method, but doesn't make the module set Auth-Type to
> that method.
>
>
>> Or I might
>> have missed that from the documentation. Anyway, "fail-over" section
>> does not reflect this IMO. Not a note of "authenticate" sub-section at
>> all... should it be updated?
>>
>
> Modules having "authenticate" sections automatically have Auth-Type
> definitions created based on their name. This is normally the module
> name (i.e. LDAP), unless the module has an *instance* name, in which
> case it's the instance name.
>
> The LDAP module sets "Auth-Type" to it's *instance* name, not to
> "LDAP". That appears to be the piece you're missing.
>
> This has nothing to do with failover.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>
More information about the Freeradius-Users
mailing list