multiple ldap servers

Tobias Hachmer lists at
Sat May 5 10:36:10 CEST 2012

On 05/05/2012 01:40 AM, jeff donovan wrote:
> greetings
> sorry
> i snipped the bottom off , I didn't think it relevant since nothing happened after it tried to auth on ldap1.
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group REJECT {...}
> [attr_filter.access_reject] 	expand: %{User-Name} ->  drfoo
>   attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 2 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 2
> Sending Access-Reject of id 158 to port 65478
> Waking up in 4.9 seconds.
> Cleaning up request 2 ID 158 with timestamp +22
> Ready to process requests.
Hi Jeff,

are you sure you configured your ldap modules right?
For me it seems you don't because your ldap bind fails. configure your 
ldap1 module for the ldap1 server with a bind user which exists on ldap 
server 1. In debug output your ldap1 module references with a user dn in 
"cn=users,dc=ldap2,". Is this correct or have it to be 
"cn=users,dc=ldap1," ?

As I tried to explain before it's not the authentication of the user in 
radius request which fails but the bind user so the ldap module wasn't 
able to check the user credentials! Please reread the ldap documentation 
if this is unclear...

Tobias Hachmer

More information about the Freeradius-Users mailing list