ldap load-balance
Elias Pereira
empbilly at gmail.com
Thu Oct 6 13:57:47 UTC 2022
hi,
Thanks for the reply!!!
I have a post-auth to direct the user to a specific vlan.
It would look like this?
redundant-load-balance {
ldap-dc3
ldap-dc4
}
# Auth-Type LDAP {
# ldap
# }
eap
# Auth-Type eap {
# eap {
# handled = 1
# }
# if (handled && (Response-Packet-Type == Access-Challenge)) {
# attr_filter.access_challenge.post-auth
# handled # override the "updated" code from attr_filter
# }
# }
}
post-auth {
redundant-load-balance {
ldap-dc3
ldap-dc4
}
if (Ldap-Group == "CN=ADM,OU=GRUPOS,OU=CAMPUS,DC=company,DC=net") {
update reply {
&Tunnel-Type = VLAN
&Tunnel-Medium-Type = IEEE-802
&Tunnel-Private-Group-Id = "51"
}
}
...
On Thu, Oct 6, 2022 at 10:48 AM Michael Schwartzkopff via Freeradius-Users <
freeradius-users at lists.freeradius.org> wrote:
> On 06.10.22 15:43, Elias Pereira wrote:
> > hi,
> >
> > I was reading the load-balance article on the freeradius wiki and had
> some
> > doubts.
> >
> > I have two vms with sambaAD. In mod-enable > ldap I need to configure 2
> > entries of the ldap block?
> >
> > eg:
> > ldap1{
> > ...
> > }
> >
> > ldap2{
> > ...
> > }
> >
> > 2. Is the loadbalance setting done in the file sites-enable > default?
> >
>
> hi,
>
>
> with the config above you configured the modules ldap1 and ldap2. You
> have to tell your server, i.e. the default server, to use this modules
> during authorization.
>
>
> Add something like instead of the default "ldap" statement.
>
> redundant-load-balance {
> ldap1
> ldap2
> }
>
>
> Mit freundlichen Grüßen,
>
> --
>
> [*] sys4 AG
>
> https://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG,80333 München
>
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> Aufsichtsratsvorsitzender: Florian Kirstein
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
Elias Pereira
More information about the Freeradius-Users
mailing list