Multiple LDAP failover issue

Manoel bezerra maneo.ufrn at gmail.com
Thu May 2 00:30:14 CEST 2019


Do you create a symbolic link to file ldap1 and ldap2?
*/etc/raddb/mods-enabled/files[**9]: Instantiation failed for module
"files"*
It occurs when freeradius don't find the file especified in virtual server
configuration.
So, first, create the simbolic link to these files.
After, review the group configuration. I use a filter to memberOf and I
take only the attribuite cn that identify my group.
In file user I use only the attribute for to filter. IE:
DEFAULT Ldap-Group == admin-vlan
        Service-Type = Framed-User,
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 10
that's why I made the filter in ldap file mod-enable.

Atenciosamente.
Manoel Bezerra da Costa Neto
Analista de infraestruta em Redes de Computadores.


Em qua, 1 de mai de 2019 às 12:29, Alan DeKok <aland at deployingradius.com>
escreveu:

> On May 1, 2019, at 11:23 AM, Satish Patel <satish.txt at gmail.com> wrote:
> >
> > I have freeradius configure with LDAP servers and so far everything is
> > working great but today when i have added second ldap server i got
> > following error
> >
> > I have created two ldap file as per document ldap1 & ldap2 and my
> > authorization and authentication section look like following.
> > ...
> > when i start radiusd -X it failed here
> >
> > reading pairlist file /etc/raddb/mods-config/files/authorize
> > /etc/raddb/mods-config/files/authorize[48]: Parse error (check) for
> > entry DEFAULT: Unknown name "Ldap-Group"
> > Failed reading /etc/raddb/mods-config/files/authorize
> > /etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"
>
>   Yes.
>
> > but when i changed Ldap-Group to ldap1-LDAP-Group  it works do does
> > that means i have to create two section in users file for two LDAP?
> >
> > ldap1-LDAP-Group
> > ldap2-LDAP-Group
>
>   The LDAP-Group checks are *not* done in a redundant fashion.  So yes,
> you will need two group checks.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list