[freeradius] fail-over ldap + reply-item missing

Ivan Kalik tnt at kalik.net
Tue Jun 9 15:27:46 CEST 2009


> I try to do a fail-over with two ldap on my freeradius. I read this
> article http://wiki.freeradius.org/Fail-over, I instantiated two openldap
> modules and I use the keyword redundant in my
> /raddb/site-available/default in authorize and authenticate sections.
>
> redundant {
>                 Primary-ldap
>                 Secondary-ldap
> }
>
> I also enabled reply_log.
> When the two ldap are launched, it works.
>
> reply log :
>
> Tue Jun  9 11:45:53 2009
>         Packet-Type = Access-Accept
>         Reply-Message = "Utilisateur: fmehault, group: Administrateur"
>         Cisco-AVPair = "shell:priv-lvl=15"
>         Service-Type = NAS-Prompt-User
>
> But if I stop the Secondary-ldap, I have just:
>
> reply log :
>
> Tue Jun  9 11:49:19 2009
>         Packet-Type = Access-Accept
>
> I can see in my log that radiusd tries to contact Secondary-ldap at first.
> Why? Then it tests 3 times, rather than testing Primary-ldap, why?

Read rlm_ldap documentation about group support. You are not using
instances in groups.

Ivan Kalik
Kalik Informatika ISP
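
The following configuration sketch is an added example, not part of the original messages. It illustrates the group support the reply points to: per the rlm_ldap documentation, each named ldap instance registers its own comparison attribute of the form `<instance_name>-Ldap-Group`. It assumes the reply items seen in the log are assigned in the `users` file by a group match (the poster's actual entries are not shown) and that the group is named "Administrateur" as the Reply-Message suggests.

```text
# radiusd.conf
# Instantiate both ldap instances before the files module is loaded,
# so that each instance's <instance_name>-Ldap-Group attribute is
# already registered when the users file is parsed.
instantiate {
        Primary-ldap
        Secondary-ldap
}

# raddb/users (assumed layout, constructed for illustration)
# Group check against the Primary-ldap instance explicitly, instead of
# the shared Ldap-Group attribute.
DEFAULT Primary-ldap-Ldap-Group == "Administrateur"
        Service-Type = NAS-Prompt-User,
        Cisco-AVPair = "shell:priv-lvl=15",
        Reply-Message = "Utilisateur: %{User-Name}, group: Administrateur"

# Tried only when the entry above did not match; the same group is
# checked through the Secondary-ldap instance.
DEFAULT Secondary-ldap-Ldap-Group == "Administrateur"
        Service-Type = NAS-Prompt-User,
        Cisco-AVPair = "shell:priv-lvl=15",
        Reply-Message = "Utilisateur: %{User-Name}, group: Administrateur"
```

With both entries in place, reply_log shows whether `Cisco-AVPair` and `Service-Type` are still present in the Access-Accept when either directory is stopped.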



