Jonathan Gazeley Jonathan.Gazeley at
Wed Jan 4 14:17:26 CET 2017

Hi folks,

In my RADIUS config on 3.0.12 I've listed a number of LDAP servers, 
identically configured, and used a redundant-load-balance section to 
list them. This has always worked in a "normal" situation but over 
Christmas we had a couple of outages and I have some questions about the 
behaviour of redundant-load-balance.

Firstly, one of the LDAP servers lost power. redundant-load-balance did 
the right thing, reported "Opening connection failed" and skipped that 

Later, another LDAP server got itself in a funny state where it was up 
and responsive, accepting connections but timing out when FreeRADIUS 
tried to bind, with the message "Timed out while waiting for server to 
respond". For some reason, redundant-load-balance continued to send LDAP 
queries to the server even though it wasn't working properly.

How does rlm_ldap determine if a server is up or down, and what can I 
configure in my ldap modules or redundant-load-balance to ensure that if 
the LDAP server misbehaves in future, it will get marked as dead and 
cause redundant-load-balance to send queries to a different server?

Unfortunately as the event happened in the past I don't have debug logs 
- only the regular radius.log. We also don't know what caused the LDAP 
server to get into that state (our Windows guys are looking into it) so 
currently we can't recreate the problem, either.


Jonathan Gazeley
Senior Systems Administrator
IT Services
University of Bristol
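
An added example (not part of the original post, and not FreeRADIUS code): a way to spot the second failure mode from radius.log alone by scanning for the two messages quoted above and flagging LDAP module instances that repeatedly time out on bind while still accepting connections. The sample log lines, the instance names ldap1 to ldap3, the host names, the line layout and the threshold and window values are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not from the post's servers); ldap1..ldap3 and the
# host names are hypothetical, and the exact line layout is an assumption.
SAMPLE_LOG = """\
Mon Dec 26 02:10:01 2016 : Error: rlm_ldap (ldap1): Opening connection failed (12)
Mon Dec 26 02:10:01 2016 : Auth: Login OK: [alice] (from client ap1 port 0)
Wed Dec 28 09:00:05 2016 : Error: rlm_ldap (ldap2): Bind to ldap://dc2.example.org failed: Timed out while waiting for server to respond
Wed Dec 28 09:00:40 2016 : Error: rlm_ldap (ldap2): Bind to ldap://dc2.example.org failed: Timed out while waiting for server to respond
Wed Dec 28 09:03:10 2016 : Error: rlm_ldap (ldap2): Bind to ldap://dc2.example.org failed: Timed out while waiting for server to respond
Wed Dec 28 09:30:00 2016 : Error: rlm_ldap (ldap3): Bind to ldap://dc3.example.org failed: Timed out while waiting for server to respond
"""

# The two messages quoted in the post, mapped to the failure mode each indicates.
FAILURES = {
    "Opening connection failed": "unreachable",
    "Timed out while waiting for server to respond": "bind_timeout",
}
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : \w+: "
    r"rlm_ldap \((?P<inst>[^)]+)\): .*?(?P<msg>" + "|".join(map(re.escape, FAILURES)) + ")"
)

def parse(log_text):
    """Yield (timestamp, instance, failure_kind) for each matching log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
            yield ts, m["inst"], FAILURES[m["msg"]]

def stuck_instances(log_text, threshold=3, window=timedelta(minutes=5)):
    """Map instance -> start of the first window holding >= threshold bind timeouts."""
    times = defaultdict(list)
    for ts, inst, kind in parse(log_text):
        if kind == "bind_timeout":
            times[inst].append(ts)
    flagged = {}
    for inst, stamps in times.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged[inst] = stamps[i]
                break
    return flagged
```

A single isolated timeout (ldap3 in the sample) and a plain connection failure (ldap1) are deliberately not flagged; only sustained bind timeouts are.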

More information about the Freeradius-Users mailing list