[freeradius] fail-over ldap + reply-item missing
Ivan Kalik
tnt at kalik.net
Tue Jun 9 15:27:46 CEST 2009
> I am trying to do a fail-over with two ldap on my freeradius. I read this
> article http://wiki.freeradius.org/Fail-over, instantiated two openldap
> modules, and I use the keyword redundant in my
> /raddb/site-available/default in the authorize and authenticate sections.
>
> redundant {
> Primary-ldap
> Secondary-ldap
> }
>
> I also enabled reply_log
> When the two ldap are launched, it works.
>
> reply log :
>
> Tue Jun 9 11:45:53 2009
> Packet-Type = Access-Accept
> Reply-Message = "Utilisateur: fmehault, group: Administrateur"
> Cisco-AVPair = "shell:priv-lvl=15"
> Service-Type = NAS-Prompt-User
>
> But if I stop the Secondary-ldap, I just have:
>
> reply log :
>
> Tue Jun 9 11:49:19 2009
> Packet-Type = Access-Accept
>
> I can see in my log that radiusd tries to contact Secondary-ldap first.
> Why? Then it tests 3 times, rather than testing Primary-ldap. Why?
Read rlm_ldap documentation about group support. You are not using
instances in groups.
Ivan Kalik
Kalik Informatika ISP