Hi,

I'm currently using FreeRADIUS v2.1.7 with OpenLDAP v2.3.43 as back-end. After already reading numerous times that LDAP failover doesn't work/isn't implemented in rlm_ldap, I had to find another way to provide HA. Currently I'm pointing towards 2 RADIUS servers, each configured with a different LDAP server.
The problem I'm having is that the RADIUS server sends an explicit reject when it can't connect to LDAP. This is problematic since the requester will reject the user instead of trying to contact the second RADIUS server. Is there a way to catch the "Can't contact LDAP server"/rlm_fail and send no response at all in that case? From a requester perspective it would be much cleaner to get no response at all (and try the 2nd RADIUS server) than to get a reject.

Br,
Thomas