radiusd halts when LDAP bind fails.

Alan DeKok aland at deployingradius.com
Tue Sep 27 23:08:53 CEST 2016

On Sep 27, 2016, at 4:14 PM, Scott McLane Gardner <sgardne at uark.edu> wrote:
> Hi list. I am trying to troubleshoot why my radiusd occasionally halts when failing to bind with the LDAP server. I would prefer it to maybe wait a minute and restart rather than halting. Is this usual behaviour?

  If you're using 3.0.4, upgrade.  We've put a LOT of fixes in.

  I'll be releasing 3.0.12 tomorrow (yes, finally), which should help.

> The wiki for rlm_ldap says:
> set the uses, lifetime and idle_timeout settings in the pool section of the LDAP module to zero
> But I have already set this value. I realize this means the server can't contact the LDAP server to do the auth, but I would prefer the service to be more resilient if possible.

  What, exactly, do you want the server to do if LDAP is down?

  You can configure "unlang" to do something else if LDAP fails.  See "man unlang", and look for "redundant".

> Preferably without having to do some cron or nagios scripting magic. (I'm open to it, but I wonder if there's a native handler for this?) Usually LDAP and radiusd are fine even very shortly after halting. 

  The short answer is "don't take your database down while RADIUS is running".

  If LDAP is a critical component for RADIUS, ensure that LDAP is running.  Always.

  Anything else is just a work-around.  Nothing beats keeping LDAP up and operating.

  Alan DeKok.
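
The "redundant" keyword mentioned in the reply above, as an added example that is not part of the original message or the FreeRADIUS project's own configuration. It assumes FreeRADIUS 3.0.x with two LDAP module instances under the hypothetical names ldap_primary and ldap_backup, plus the "reject" instance of rlm_always from the stock mods-available/always file.

```unlang
# Fragment for the authorize section of a virtual server
# (for example raddb/sites-enabled/default).
#
# Assumption: ldap_primary and ldap_backup are hypothetical instance names,
# each declared in raddb/mods-enabled/ as
#     ldap ldap_primary { server = ... }
#     ldap ldap_backup  { server = ... }
# pointing at different directory servers.

authorize {
    redundant {
        # Tried first. Any result other than "fail" ends the block.
        ldap_primary

        # Tried only if ldap_primary returned "fail",
        # for example because no connection could be opened.
        ldap_backup

        # Reached only if both directories failed. Rejecting here makes
        # the outage behaviour explicit: the request is refused instead
        # of falling through to whatever modules are listed later.
        reject
    }
}
```

Which module goes last in the block is the answer to "what do you want the server to do if LDAP is down"; ending with reject keeps an LDAP outage from turning into an authentication path that skips the directory lookup.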
