Behavior on LDAP outage
Fajar A. Nugraha
list at fajar.net
Thu Jun 14 10:54:44 CEST 2012
On Thu, Jun 14, 2012 at 6:05 AM, Jethro Carr <jethro.carr at jethrocarr.com> wrote:
> On Wed, 2012-06-13 at 15:46 +0200, Alan DeKok wrote:
>> > Aside from "make sure your LDAP server doesn't die", ;-) can anyone make
>> > any recommendations around the best approach to take, so that in event
>> > of an LDAP outage on one host, FreeRadius returns a result (or nothing
>> > at all) that causes the NAS to fail over to the secondary host?
>>
>> authorize {
>>     ...
>>     redundant {
>>         ldap
>>         do_not_respond
>>     }
>>     ...
>> }
>>
>> That should work.
>
> hi Alan,
>
> That works perfectly. Thanks heaps for the advice! :-)

Just wondering, since you say both servers have LDAP + FR, and that
LDAP is replicated anyway, why not configure FR to use both ldap
servers in a redundant block? So something like this on server1:

redundant {
    ldap1
    ldap2
}

... and you reverse ldap1 and ldap2 positions in server2. That way you
pretty much decouple FR from LDAP; should you need to expand
horizontally for scalability, you can have a pool of radius servers
(e.g. 2 or 3), and have a separate pool of ldap servers (e.g. 5 or
10).

--
Fajar
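
The two suggestions in this thread combined into one configuration sketch for server1. This is an added example, not part of the original post or the FreeRADIUS distribution; the hostnames are constructed, and the instance names ldap1 and ldap2 follow the message above.

```text
# Two named instances of the ldap module, one per directory server.
# Hostnames are constructed placeholders.
ldap ldap1 {
    server = "ldap1.example.org"
    # bind identity, password, base DN and filter: copy from the
    # existing single "ldap" instance
}

ldap ldap2 {
    server = "ldap2.example.org"
    # same settings as ldap1 apart from the server
}

authorize {
    ...
    # Entries are tried in order. The next entry is only tried when
    # the previous one returns "fail" (for example, the LDAP server is
    # unreachable); a user that is simply not found does not trigger
    # failover.
    redundant {
        ldap1            # local directory first
        ldap2            # replica on the other host
        do_not_respond   # both directories down: send no reply, so
                         # the NAS times out and tries its secondary
                         # RADIUS server
    }
    ...
}
```

On server2 the order of ldap1 and ldap2 is reversed. Keeping do_not_respond as the last entry means a total directory outage results in silence rather than an Access-Reject, so the NAS fails over and users are not rejected outright while LDAP is down.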