freeradius 3.0.15 not starting if one LDAP server not reachable
Alan DeKok
aland at deployingradius.com
Fri Dec 15 16:55:41 CET 2017
On Dec 15, 2017, at 9:01 AM, Enno Gröper <groepeen at cms.hu-berlin.de> wrote:
> If one of those ldap servers (i.e. ldap_cms2) can't be reached (temporary failure, maintenance, ...), freeradius won't start:
>
> Thu Dec 14 21:05:31 2017 : Error: rlm_ldap (ldap_cms2): Could not start TLS: Can't contact LDAP server
> Thu Dec 14 21:05:31 2017 : Error: rlm_ldap (ldap_cms2): Opening connection failed (0)
> Thu Dec 14 21:05:31 2017 : Error: /usr2/freeradius/etc/raddb/mods-enabled/ldap[844]: Instantiation failed for module "ldap_cms2"
> Thu Dec 14 21:05:36 2017 : Info: Debugger not attached
>
> Are there any ideas how to work around this problem?
Set "start = 0" in the "pool" subsection of raddb/mods-enabled/ldap
> Do you think error handling could be extended here to distinguish between temporary and permanent (configuration) errors?
How would you tell the difference between the two?
> Or would this add too much complexity?
> I assume, this would be a too complex change for 3.x.
> At this point in time we don't know, that there will be a redundant config for this authentication source.
> Should I open a bug for this?
Nope. You can work around the issue using the standard configuration options.
Alan DeKok.
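
Added example, not part of the original message and not FreeRADIUS code: a small check that lists which ldap instances in a mods-enabled/ldap file do not have a literal "start = 0" in their "pool" subsection, and so still open connections at startup. The sample config is constructed; only the instance name ldap_cms2 comes from the thread, and the parser assumes one statement per line.

```python
import re

# Constructed sample of raddb/mods-enabled/ldap. Only "ldap_cms2" appears in
# the thread; ldap_cms1 and the server names are made up for illustration.
SAMPLE = '''
ldap ldap_cms1 {
    server = "ldap1.example.org"
    pool {
        start = ${thread[pool].start_servers}
        min = 3
    }
}
ldap ldap_cms2 {
    server = "ldap2.example.org"
    options {
        chase_referrals = yes
    }
    pool {
        start = 0   # open connections on demand
    }
}
'''

OPEN = re.compile(r'^(\w+)(?:\s+([\w.-]+))?\s*\{$')   # "ldap name {" or "pool {"
ASSIGN = re.compile(r'^(\w+)\s*=\s*(.+)$')            # "key = value"

def pool_start_values(text):
    """Map each ldap instance to its pool 'start' value (None if not set)."""
    stack, result = [], {}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()   # drop comments (assumes no '#' in values we read)
        m = OPEN.match(line)
        if m:
            kind, name = m.group(1), m.group(2) or m.group(1)
            if not stack:                     # top-level block: remember ldap instances only
                stack.append(name if kind == 'ldap' else '')
                if kind == 'ldap':
                    result[name] = None
            else:
                stack.append(kind)
        elif line == '}' and stack:
            stack.pop()
        else:
            m = ASSIGN.match(line)
            if m and len(stack) == 2 and stack[0] and stack[1] == 'pool' and m.group(1) == 'start':
                result[stack[0]] = m.group(2).strip()
    return result

def opens_connections_at_startup(text):
    """Instances whose pool.start is missing or anything other than literal 0."""
    return sorted(n for n, v in pool_start_values(text).items() if v != '0')
```

A value such as ${thread[pool].start_servers} is reported because it may expand to a non-zero number.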