Multiple LDAP failover issue
Satish Patel
satish.txt at gmail.com
Wed May 1 17:23:56 CEST 2019
I have FreeRADIUS configured with LDAP servers and so far everything is
working great, but today when I added a second LDAP server I got the
following error.
I have created two ldap files as per the document, ldap1 & ldap2, and my
authorization and authentication sections look like the following.
authorization {
    ...
    Auth-Type LDAP {
        ldap1 {
            fail = 1
            ok = return
        }
        ldap2 {
            fail = 1
            ok = return
        }
    }
authorize {
    ....
    redundant {
        ldap1
        ldap2
    }
My users file looks like the following:
DEFAULT Ldap-Group == "cn=employee,cn=groups,cn=compat,dc=foo,dc=com",
        ASA-TunnelGroupName = "EMPLOYEE"
DEFAULT Auth-Type := Reject
        Reply-Message = "Sorry, you're not part of an authorized group!"
When I start radiusd -X it fails here:
reading pairlist file /etc/raddb/mods-config/files/authorize
/etc/raddb/mods-config/files/authorize[48]: Parse error (check) for
entry DEFAULT: Unknown name "Ldap-Group"
Failed reading /etc/raddb/mods-config/files/authorize
/etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"
But when I changed Ldap-Group to ldap1-LDAP-Group it works. So does
that mean I have to create two sections in the users file for two LDAP servers?
ldap1-LDAP-Group
ldap2-LDAP-Group