LDAP redundancy at Freeradius 3.0.8
Ing. Martin Samek
samekma1 at fel.cvut.cz
Wed Jul 8 14:40:18 CEST 2015
Hi,
> The first question is: what kind of redundancy do you want?
>
> Do you want to use the LDAP servers as databases, and let FreeRADIUS do the authentication? Or do you want to pass the name/password to LDAP, and have the LDAP servers do the authentication?
>
> The answer for "how to correctly configure LDAP server redundancy" depends on the answer to those questions.
We are using LDAP as a password database and FreeRADIUS is doing
authentication. Ldap is defined like follows:
ldap feld {
server = 'ldaps://ldap.location2.tld.cz:636'
identity = 'uid=blah,ou=Special Users,o=blah.cz'
password = blah
base_dn = 'ou=People,o=blah.cz'
update {
control:Cleartext-Password := 'mobilitypassword'
reply:Tunnel-Private-Group-ID += 'departmentNumber'
}
>> according to this i altered site inner-tunnel configuration to
> You don't need to do that. See this page for how the "redundant" keyword works.
>
> http://networkradius.com/doc/3.0.7/unlang/redundant.html
>
> See also "man unlang", which has similar text.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks.
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3256 bytes
Desc: Elektronicky podpis S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150708/3dd44cb4/attachment.bin>
More information about the Freeradius-Users
mailing list