freeradius 3.0.15 not starting if one LDAP server not reachable
Enno Gröper
groepeen at cms.hu-berlin.de
Fri Dec 15 15:01:32 CET 2017
Hi,
We are running freeradius with authentication against several LDAP
clusters (2-node):
Example config:
    Auth-Type LDAP_CMS {
        redundant-load-balance { # between ldap servers
            ldap_cms1
            ldap_cms2
        }
    }
If one of those ldap servers (i.e. ldap_cms2) can't be reached
(temporary failure, maintenance, ...), freeradius won't start:
Thu Dec 14 21:05:31 2017 : Error: rlm_ldap (ldap_cms2): Could not start TLS: Can't contact LDAP server
Thu Dec 14 21:05:31 2017 : Error: rlm_ldap (ldap_cms2): Opening connection failed (0)
Thu Dec 14 21:05:31 2017 : Error: /usr2/freeradius/etc/raddb/mods-enabled/ldap[844]: Instantiation failed for module "ldap_cms2"
Thu Dec 14 21:05:36 2017 : Info: Debugger not attached
Are there any ideas how to work around this problem?
Looking at the code, rlm_ldap instantiation would fail if there is any
problem.
If freeradius is already running, there is no problem with a failing
ldap server. But a freeradius restart in such a situation means a full
service failure (even if only one of 8 ldap servers is down).
@devs:
Do you think error handling could be extended here to distinguish
between temporary and permanent (configuration) errors? Or would this
add too much complexity?
I assume this would be too complex a change for 3.x.
At this point in time we don't know that there will be a redundant
config for this authentication source.
Should I open a bug for this?
Kind regards,
Enno