radius + rlm_ldap: alter auth-type if server not reachable

Thomas Dupas thomas at dupas.be
Sun Aug 21 16:04:56 CEST 2011


Hi,

I'm currently using FreeRADIUS v2.1.7 with OpenLDAP v2.3.43 as back-end.
After already reading numerous times that ldap failover doesn't work/isn't implemented in the rlm_ldap, I had to find another way to provide HA.
Currently I'm pointing towards 2 radius servers, each configured with a different ldap server.

The problem I'm having is that the radius sends an explicit reject when it can't connect to ldap.
This is problematic since the requester will reject the user, instead of trying to contact the second radius.
Is there a way to catch the "Can't contact LDAP server"/rlm_fail and send no response at all in that case? From a requester perspective it would be much cleaner to get no response at all (and try the 2nd radius server) than to get a reject.

Br,

Thomas