Mitchell, Michael wrote:
Configurable failover IS what you want... You just have to specify not_found = 1 (or some other number depending on your other options). Have another read of the doco. :)I had seen the file "doc/configurable_failover" but in my case i have TWO ldap server and so two bases.
When i do a request the log file return and always search on the same server (xxx.unilim.fr and not yyy.unilim.fr)
rlm_ldap: performing user authorization for viersp01
radius_xlat: '(uid=viersp01)'
radius_xlat: 'ou=personnes,dc=xxx,dc=unilim,dc=fr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to xxx.unilim.fr:389, authentication 0
rlm_ldap: bind as / to xxx.unilim.fr:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=personnes,dc=xxx,dc=unilim,dc=fr, with filter (uid=viersp01)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldapfirst" returns notfound for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for viersp01
radius_xlat: '(uid=viersp01)'
radius_xlat: 'ou=people,dc=unilim,dc=fr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 164.81.x.x:389, authentication 0
rlm_ldap: bind as / to 164.81.x.x:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=people,dc=unilim,dc=fr, with filter (uid=viersp01)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user viersp01 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldapsecond" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type ldap
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "viersp01" with password "410"
rlm_ldap: user DN: uid=viersp01,ou=people,dc=unilim,dc=fr
rlm_ldap: (re)connect to xxx.unilim.fr:389, authentication 1
rlm_ldap: bind as uid=viersp01,ou=people,dc=unilim,dc=fr/410 to xxx.unilim.fr:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind failed with invalid credentials
modcall[authenticate]: module "ldapfirst" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Login incorrect (rlm_ldap: User not found): [viersp01/410] (from client localhost port 0
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicolas Viers - SCI
Sent: Wednesday, 20 October 2004 6:08 PM
To: [EMAIL PROTECTED]
Subject: Multiple ldap server
Hello,
i would like to configure my freeradius server with multiple ldap server
(two), because we had two
authentication bases of users on each one.
When a user initiate a authentication request, if the first ldap server
does not find it, freeradius must
search in the second ldap server.
I had seen the failover configuration on freeradius doc but that's not
what i search.
Thanks a lot
--
____________________________________________________________
Nicolas Viers | Service Commun Informatique Mél: [EMAIL PROTECTED] | 123, avenue Albert Thomas | 87060 Limoges cedex Tel: 05-55-45-77-09 | Fax: 05-55-45-75-95 http://www.unilim.fr/sci ____________________________________________________________
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
--
____________________________________________________________
Nicolas Viers | Service Commun Informatique
Mél: [EMAIL PROTECTED] | 123, avenue Albert Thomas
| 87060 Limoges cedex
Tel: 05-55-45-77-09 | Fax: 05-55-45-75-95
http://www.unilim.fr/sci ____________________________________________________________
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
