> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Alan DeKok > Sent: Wednesday, July 13, 2005 2:20 PM > To: FreeRadius users mailing list > Subject: Re: FreeRADIUS v1.0.4, rlm_ldap module, and redundancy > > Zawacki Jason D Ctr AFRL/IFOS <[EMAIL PROTECTED]> wrote: > > I've been trying to get this to work, but it appears, to > me, that the > > redundancy is only used for part of the auth process. > > What "auth" process? Authorize or authenticate? > > > When looking up the > > DN for the user who is trying to authenticate, redundancy works. > > During the "authorize" stage. > > > After that > > though, it appears that only the first module in the > redundant list is > > tried. > > Which redundant list? You listed two. > > > authenticate { > > Auth-Type LDAP { > > redundant { # wasn't sure if this was necessary > > svr1 > > If you want redundancy for authentication, you can list that. > > > I test by simulating a failure of svr1 using: > > Ok. The debug log shows: > > > modcall[authorize]: module "svr1" returns fail for request 0 > ... > > modcall[authorize]: module "svr3" returns fail for request 0 > ... > > modcall[authorize]: module "svr2" returns ok for request 0 > > So the redundancy in the "authorize" section works. > > > rlm_ldap::ldap_groupcmp: Search returned error > > You're using the LDAP-Group attribute, which is set to use svr1, > which is down. There's currently no fail-over for the LDAP-Group > attribute. >
I dig, that's kind of what I thought (even if I didn't word it correctly). Thanks for your help! Jason > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
