LDAP redundancy at Freeradius 3.0.8
Ing. Martin Samek
samekma1 at fel.cvut.cz
Tue Jul 7 23:50:20 CEST 2015
Hi,
I'm trying to find out how to correctly configure LDAP server redundancy in
Freeradius 3.0.8. I dug through the mailing list archive and found some
configuration snippets, but the configuration doesn't work for me.
We have two LDAP servers in independent locations:
ldap.location1.tld.cz
ldap.location2.tld.cz
There is a RADIUS server, radius.location1.tld.cz. Now I am preparing the
configuration of radius.location2.tld.cz. My idea is to use
ldap.location2 as the primary LDAP server at radius.location2 and server
ldap.location1 as a fallback option in case ldap.location2 is not
available.
I added a second section to the ldap module configuration:
ldap location1 {
    server = ldap.location1.tld.cz
    ...
    ...
}
ldap location2 {
    server = ldap.location2.tld.cz
    ...
    ...
}
According to this I altered the site inner-tunnel configuration to
authorize {
    location1
    if ((ok || updated) && User-Password) {
        update {
            control:Auth-Type := mschap
        }
    }
    location2
    if ((ok || updated) && User-Password) {
        update {
            control:Auth-Type := mschap
        }
    }
}
but this didn't work for me. So I found in another thread a piece of
configuration with
redundant LDAP {
    location1
    location2
}
In the authentication section there is:
Auth-Type LDAP {
    redundant LDAP {
        location1
        location2
    }
}
but also no luck. All cases lead to authentication failure when one of the
LDAP servers is down. Could someone please explain to me how to
correctly set up fail-over between these two LDAP servers?
Thanks.
Martin