>I have two freeradius v2.1.3-1 servers setup to run with redundant load >balancing with two Windows Active Directory LDAP servers for authentication. >When the LDAP servers are running the radius will load-balance between them >and authenticate fine. If I shut the primary LDAP server down radius doesn't >authenticate properly against the second LDAP server. I have tested the >secondary LDAP as the the primary in the radius configuration and it works >fine. If I change the radius config to have a bogus primary name it will then >authenticate with the secondary fine. But when it has the correct name and >the primary is down the authentication fails. I believe it may have something >to do with ntlm_auth but I don't understand why as in the other test instances >with the bogus name it works. Below is the LDAP portion of my server along >with a part of the debug of what happens when I shutdown the primary LDAP >server. If anyone has any suggestions it would be much appreciated. >
ntlm_auth is pointing to the first DC. If you give the bogus name DC is still working (so does ntlm_auth). When you bring it down - ntlm_auth stops working. You need to build in redundancy on the samba side. See their documentation on how to configure backup DCs. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html