unlang and 1st of 4 ldap source fail
Gary Prosser
gary.prosser at trinity-bris.ac.uk
Thu Jul 29 23:19:04 CEST 2010
Hi
I am using FreeRADIUS Version 2.0.4
On failure of the first of 4 ldap sources the freeradius server does not
continue to the next source but reports 'failed'.
In radiusd.conf modules I have defined 4 ldap items
    ldap ldap1 {
        server = "192.168.4.250"
        identity = "cn=LDAPBIND,cn=Users,dc=public,dc=trinity-bris,dc=ac,dc=uk"
        password = *
        basedn = "OU=Students,DC=PUBLIC,DC=trinity-bris,DC=ac,DC=uk"
        filter = "(samAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
        access_attr = "samAccountName"
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        edir_account_policy_check=no
        timeout = 4
        timelimit = 3
        net_timeout = 3
    }
    ldap ldap2 {
        [relevant config]
    }
    ldap ldap3 {
        [relevant config]
    }
    ldap ldap4{
        [relevant config]
    }
in authorise I have
    authorize {
        preprocess
        chap
        mschap
        suffix
        ldap1
        if(notfound || fail){
            ldap3
            if(notfound || fail){
                ldap2
                if(notfound || fail){
                    ldap4
                }
            }
        }
        files
        pap
    }
and in authenticate I have
    authenticate {
        ldap1
        ldap2
        ldap3
        ldap4
        chap
    }
My ldap1 source is down, yet the server does not continue to the next, ldap3
etc., but simply reports failed. Prior to ldap source ldap1 going offline all
worked as expected, i.e. finding valid logins in ldap3 or ldap2 or ldap4.
Is my unlang incorrect?
Thanks, Gary
-
IT Manager
Trinity College, Bristol (http://www.trinity-bris.ac.uk)
To ensure you receive email from Trinity College into your inbox, please add @trinity-bris.ac.uk to your email safe list (also known as whitelist).
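
Added example, not part of the original post and not a reply from the list: in FreeRADIUS 2.x the default action for a `fail` return code in `authorize` is to stop processing the section, so the `if (notfound || fail)` written after `ldap1` is never reached while that server is down. One way to let the checks run is a per-module return-code override (`fail = 1`), sketched here with the module names from the post; it assumes the four `ldap` instances are defined as above and should be confirmed with `radiusd -X` on the version in use.

```conf
authorize {
    preprocess
    chap
    mschap
    suffix

    # Override the default "fail = return" so that an unreachable
    # directory lowers the result to priority 1 and processing continues
    # to the "if" that follows.
    ldap1 {
        fail = 1
    }
    if (notfound || fail) {
        ldap3 {
            fail = 1
        }
        if (notfound || fail) {
            ldap2 {
                fail = 1
            }
            if (notfound || fail) {
                # Last source: keep the default action, so a failure
                # here still ends the section with "fail".
                ldap4
            }
        }
    }

    files
    pap
}
```

Keeping the default on the last source means a request is not carried forward on a failed lookup when that final directory is unreachable too.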