multiple ldap servers

jeff donovan jdonovan at beth.k12.pa.us
Fri May 4 14:30:06 CEST 2012


Greetings

I'm new to radius but have been reading.

I have a FreeRADIUS server running on Ubuntu 11; my users file is an LDAP server, which works great. My question is:

How can I search an alternate LDAP server for user credentials?
If the first LDAP search fails, try the next server in line.

I found some documentation:
* http://freeradius.org/radiusd/doc/ldap_howto.txt does not mention a second server.
* http://freeradius.org/radiusd/doc/configurable_failover explains the redundant setup for SQL accounting.

So far I tried adding the second LDAP server; its info is read during module load, with no errors. The problem is that only one of the LDAP systems contains the correct info, so one WILL fail and the other will pass.
With that being said, how do I configure my server to pass if either system returns "ok"? Currently it will fail even if one LDAP system returns good.

authorize {

	preprocess
	chap
	mschap
	digest
	suffix
	eap {
		ok = return
	}

	files

	redundant {
		ldap1
		ldap2
	}

	expiration
	logintime
	pap

#	Autz-Type Status-Server {
#
#	}
}

authenticate {

	Auth-Type PAP {
		pap
	}

	Auth-Type CHAP {
		chap
	}
	
	Auth-Type MS-CHAP {
		mschap
	}

	digest

	#
	#  Pluggable Authentication Modules.
#	pam
	unix
	
	Auth-Type LDAP {
		ldap1
		ldap2
	}
	
	eap

#	Auth-Type eap {
#		eap {
#			handled = 1  
#		}
#		if (handled && (Response-Packet-Type == Access-Challenge)) {
#			attr_filter.access_challenge.post-auth
#			handled  # override the "updated" code from attr_filter
#		}
#	}
}


Any assistance would be helpful.
-j