ldap load-balance

Elias Pereira empbilly at gmail.com
Thu Oct 6 13:57:47 UTC 2022


hi,

Thanks for the reply!!!

I have a post-auth to direct the user to a specific vlan.

It would look like this?

redundant-load-balance {
        ldap-dc3
        ldap-dc4
   }


#  Auth-Type LDAP {
#     ldap
#  }

   eap

#  Auth-Type eap {
#     eap {
#        handled = 1
#     }
#     if (handled && (Response-Packet-Type == Access-Challenge)) {
#        attr_filter.access_challenge.post-auth
#        handled  # override the "updated" code from attr_filter
#     }
#  }
}

post-auth {
   redundant-load-balance {
        ldap-dc3
        ldap-dc4
   }
   if (Ldap-Group == "CN=ADM,OU=GRUPOS,OU=CAMPUS,DC=company,DC=net") {
                update reply {
                        &Tunnel-Type = VLAN
                        &Tunnel-Medium-Type = IEEE-802
                        &Tunnel-Private-Group-Id = "51"
                }
        }

   ...


On Thu, Oct 6, 2022 at 10:48 AM Michael Schwartzkopff via Freeradius-Users <
freeradius-users at lists.freeradius.org> wrote:

> On 06.10.22 15:43, Elias Pereira wrote:
> > hi,
> >
> > I was reading the load-balance article on the freeradius wiki and had
> some
> > doubts.
> >
> > I have two vms with sambaAD. In mod-enable > ldap I need to configure 2
> > entries of the ldap block?
> >
> > eg:
> > ldap1{
> > ...
> > }
> >
> > ldap2{
> > ...
> > }
> >
> > 2. Is the loadbalance setting done in the file sites-enable > default?
> >
>
> hi,
>
>
> with the config above you configured the modules ldap1 and ldap2. You
> have to tell your server, i.e. the default server, to use this modules
> during authorization.
>
>
> Add something like instead of the default "ldap" statement.
>
> redundant-load-balance {
>      ldap1
>      ldap2
> }
>
>
> Mit freundlichen Grüßen,
>
> --
>
> [*] sys4 AG
>
> https://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG,80333 München
>
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> Aufsichtsratsvorsitzender: Florian Kirstein
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


-- 
Elias Pereira


More information about the Freeradius-Users mailing list