Behavior on LDAP outage

Jethro Carr jethro.carr at jethrocarr.com
Thu Jun 14 01:05:32 CEST 2012


On Wed, 2012-06-13 at 06:35 +0000, Alan Buxey wrote:
> Ok, here is probably a use case for silently dropping rejects. That
> way your NAS will behave okay....but you only want to do this if the
> LDAP is down...so need to base it on that condition. That's if you
> want to keep it all in the server, you could have an external cronjob
> or such that checks LDAP and stops/starts the radius daemon

thanks Alan,

The suggestion from Alan DeKok works well for my needs at this stage,
but your suggestion would be useful as a safety check to stop the radius
daemon incase a miss configuration in production if it detects a known
test user can't authenticate for any reason.

(or maybe an iptables -j REJECT)

regards,
jethro

-- 
Jethro Carr
www.jethrocarr.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120614/6979ebb3/attachment.pgp>


More information about the Freeradius-Users mailing list