Question regarding redundant-load-balance
Sebastian Hagedorn
Hagedorn at uni-koeln.de
Thu Apr 23 14:51:37 CEST 2015
Hi,
we've been using freeradius for many years, but now we're setting up new
servers (3.0.8 as of today) and I'm testing configuration options we've
never used before. Currently I'm trying to figure out how to achieve
maximum resilience using LDAP backends. We're using LDAP the "right" way,
i.e. we query for the password during authorize. That works just fine.
Here's the problem: I'm trying to use redundant-load-balance like this - I
set up separate modules with one LDAP server each:
#
# The ldap module reads passwords from the LDAP database.
#
redundant-load-balance {
rrzk-ldap-centos
rrzk-ldap-mailldap
}
If both LDAP servers are up when I start radiusd, all is well, even if I
stop one of the LDAP servers later. But if one of them is down during
startup of radiusd, this happens:
# radiusd -X
...
rlm_ldap (rrzk-ldap-centos): Initialising connection pool
pool {
start = 5
min = 4
max = 32
spare = 3
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
retry_delay = 1
spread = no
}
rlm_ldap (rrzk-ldap-centos): Opening additional connection (0), 1 of 32
pending slots used
rlm_ldap (rrzk-ldap-centos): Connecting to ldap://redacted:389
rlm_ldap (rrzk-ldap-centos): Could not start TLS: Can't contact LDAP server
rlm_ldap (rrzk-ldap-centos): Opening connection failed (0)
rlm_ldap (rrzk-ldap-centos): Removing connection pool
/etc/raddb/mods-enabled/rrzk-ldap-centos[8]: Instantiation failed for
module "rrzk-ldap-centos"
#
What do I have to do to make freeradius ignore that it can't instantiate
the module during startup? Or what else am I doing wrong?
Thanks
Sebastian
--
.:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150423/83ddda9d/attachment.bin>
More information about the Freeradius-Users
mailing list