LDAP server failover in FreeRADIUS 2.1
up at 3.am
Thu Jun 16 16:49:49 CEST 2011
> up at 3.am wrote:
>> I can tell that ldap failover config is a FAQ by the number of hits I found
>> searching for this, but it seems that many of the config examples are for
>> older versions of FreeRADIUS. In any case, this is what I've tried, but it's
>> not working:
>
> See the FAQ for "it doesn't work".
>
>> ldap ldap2{
> ....
>> set_auth_type = yes
Thanks for pointing that out...I had just copied and pasted that section from
the secondary radius server.
> Which will set "Auth-Type := ldap2". That's probably not what you want.
>> This is what I put in sites-enabled/default AND in sites-enabled/inner-tunnel
>> (it doesn't look right to me, but it's what I found):
>>
>> authorize {
>> preprocess
>> redundant LDAP{
>> ldap1
>> ldap2
>> }
>
> That looks OK...
>
>> Auth-Type LDAP {
>> ldap1
>> ldap2
>> }
>
> That doesn't. It goes into the "authenticate" section, and you need to
> add a "redundant" block which wraps the calls to "ldap1" and "ldap2".
That did the trick...I changed it to this:
#Auth-Type LDAP {
redundant LDAP{
ldap1
ldap2
}
I wasn't sure if you used both "Auth-Type" AND "redundant", but apparently you
only need the latter.
Thanks once again, Alan!
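
The layout the quoted reply describes, written out as an added example (not part of the original message or of the FreeRADIUS distribution). The instance names ldap1 and ldap2 come from the thread; leaving the redundant blocks unnamed and having Auth-Type set to LDAP outside the ldap instances are assumptions.

```conf
# sites-enabled/default and sites-enabled/inner-tunnel (added example)

authorize {
    preprocess

    # Failover: ldap1 is tried first; ldap2 is called only if ldap1
    # returns "fail" (for example, the server is unreachable).
    redundant {
        ldap1
        ldap2
    }
}

authenticate {
    # Runs only when Auth-Type is LDAP. An instance declared as
    # "ldap ldap2 { set_auth_type = yes }" sets Auth-Type := ldap2
    # instead, so this example assumes Auth-Type is set to LDAP
    # by other configuration.
    Auth-Type LDAP {
        redundant {
            ldap1
            ldap2
        }
    }
}
```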