freeradius 3.0.15 not tarting if one LDAP server not reachable

Alan DeKok aland at
Fri Dec 15 16:55:41 CET 2017

On Dec 15, 2017, at 9:01 AM, Enno Gröper <groepeen at> wrote:
> If one of those ldap servers (i.e. ldap_cms2) can't be reached (temporary failure, maintenance, ...), freeradius won't start:
> Thu Dec 14 21:05:31 2017 : Error: rlm_ldap (ldap_cms2): Could not start TLS: Can't contact LDAP server
> Thu Dec 14 21:05:31 2017 : Error: rlm_ldap (ldap_cms2): Opening connection failed (0)
> Thu Dec 14 21:05:31 2017 : Error: /usr2/freeradius/etc/raddb/mods-enabled/ldap[844]: Instantiation failed for module "ldap_cms2"
> Thu Dec 14 21:05:36 2017 : Info: Debugger not attached
> Are there any ideas how to work around this problem?

  Set "start = 0" in the "pool" subsection of raddb/mods-enabled/ldap

> Do you think error handling could be extended here to distinguish between temporary and permanent (configuration) errors?

  How would you tell the difference between the two?

> Or would this add too much complexity?
> I assume, this would be a too complex change for 3.x.
> At this point in time we don't know, that there will be a redundant config for this authentication source.
> Should I open a bug for this?

  Nope.  You can work around the issue using the standard configuration options.

  Alan DeKok.

More information about the Freeradius-Users mailing list