load balancing and if statements
Scott McLane Gardner
sgardne at uark.edu
Mon Mar 26 20:46:22 CEST 2012
FR 2.1.10 on Linux
I want to load balance my LDAP servers, but I also want to do some
checking for group membership. Reading the documentation at
http://wiki.freeradius.org/Load-balancing#Interaction+with+%22if%22+and+%22
else%22 makes me think I can use if and elsif statements in a load
balancing block, as long as the rules in the table are followed. However,
when I try to do this, I get the following errors in my log:
>/etc/freeradius/sites-enabled/default[173]: load-balance sections cannot
>contain a "if" statement
Here is the configuration I am attempting:
> load-balance {
> ldap1
>
> if (Ldap-Group == "NET Staff") {
> if (NAS-IP-Address == "10.52.6.5" || NAS-IP-Address ==
>"10.52.6.4") {
> update reply {
> Passport-Access-Priority = 6
> }
> }
> }
> # Reject everyone else to the routers
> elsif (NAS-IP-Address == "10.52.6.5" || NAS-IP-Address ==
>"10.52.6.4" || NAS-IP-Address == "10.51.0.1" || NAS-IP-Address ==
>"10.51.0.2") {
> reject
> }
>
> ldap2
>
> if (Ldap-Group == "NET Staff") {
> if (NAS-IP-Address == "10.52.6.5" || NAS-IP-Address ==
>"10.52.6.4") {
> update reply {
> Passport-Access-Priority = 6
> }
> }
> }
> # Reject everyone else to the routers
> elsif (NAS-IP-Address == "10.52.6.5" || NAS-IP-Address ==
>"10.52.6.4" || NAS-IP-Address == "10.51.0.1" || NAS-IP-Address ==
>"10.51.0.2") {
> reject
> }
> }
If I can't use if statements in a load balance block, can anyone suggest
another way to go about accomplishing what I want to do here?
Thank you,
Scott
More information about the Freeradius-Users
mailing list