Multiple LDAP failover issue

Satish Patel satish.txt at
Wed May 1 17:23:56 CEST 2019

I have freeradius configure with LDAP servers and so far everything is
working great but today when i have added second ldap server i got
following error

I have created two ldap file as per document ldap1 & ldap2 and my
authorization and authentication section look like following.

authorization {
 Auth-Type LDAP {
             ldap1 {
                  fail = 1
                  ok = return
          ldap2 {
                 fail = 1
                ok = return

authorize {
redundant {

My users files look like following

DEFAULT Ldap-Group == "cn=employee,cn=groups,cn=compat,dc=foo,dc=com",
ASA-TunnelGroupName = "EMPLOYEE"

DEFAULT Auth-Type := Reject
       Reply-Message = "Sorry, you're not part of an authorized group!

when i start radiusd -X it failed here

reading pairlist file /etc/raddb/mods-config/files/authorize
/etc/raddb/mods-config/files/authorize[48]: Parse error (check) for
entry DEFAULT: Unknown name "Ldap-Group"
Failed reading /etc/raddb/mods-config/files/authorize
/etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"

but when i changed Ldap-Group to ldap1-LDAP-Group  it works do does
that means i have to create two section in users file for two LDAP?


More information about the Freeradius-Users mailing list