Defining all three servers within one section in modules/ldap
ldap {
server = IP ldap-1 IP ldap-2 IP ldap-3
.}
And setting just ldap within authorize and authenticate:
With this config another ldap server is chosen, if the one that has
On 07/05/2011 02:52 PM, jan.gnep...@t-systems.com wrote:
Defining all three servers within one section in modules/ldap
ldap { server = IP ldap-1 IP ldap-2 IP ldap-3 .}
And setting just ldap within authorize and authenticate:
With this config another ldap server is chosen, if the one
I will try to test this.
Thank you very much!
What OS are you on, and what LDAP libraries version of those libs are you
using?
RHEL Server 5.6 (64 bit), Kernel 2.6.18-238.5.1.el5
# rpm -qa | grep -i ldap
php-ldap-5.1.6-27.el5_5.3
openldap-clients-2.3.43-12.el5_6.7
openldap-2.3.43-12.el5_6.7
Just a gap of our users file, we have 18 default lines and additional 4 for a
local/PAP user:
DEFAULT Auth-Type := LDAP, Huntgroup-Name == consoleserver, LDAP-Group ==
LDAP-GROUP-Team-a
Login-Service = Telnet
FWIW, since it's the LDAP-Group attribute that you're having trouble
Problem: radius is using always the same ldap server for group extends.
If this (one!) server fails, radius authentication is not possible.
Very bad, because we have redundancy configured, and expected to have zero
outage.
Sorry. The ldap module and FreeRADIUS do not work that way.
On 06/29/2011 03:46 PM, jan.gnep...@t-systems.com wrote:
What is your net_timeout set to?
net_timeout = 1
timelimit = 2
timeout = 4
For testing I added a host route to another gateway (=host unreachable)
Unfortunately, when you supply 1 LDAP server, this is handled
internally by libldap,
Phil Mayers p.may...@imperial.ac.uk wrote:
Not as easy as it sounds ;-) 12 radius pairs (single server with the
same config) at 10 locations, 3 ldap servers at 3 different locations
To countervail the loss of one or two locations, loadbalancing will be
very complex.
If the three sites have
Hi,
We use radius (freeradius2-2.1.7-7.el5) for user authentication/authorization
on network devices.
Therefore we use a mapping from huntgroups to ldap groups.
We have three ldap server running, and wanted to use redundant or
redundant-load-balance.
I have tested two cases till now, because
On 28/06/11 16:12, jan.gnep...@t-systems.com wrote:
Problem: radius is using always the same ldap server for group extends.
If this (one!) server fails, radius authentication is not possible.
Very bad, because we have redundancy configured, and expected to have zero
outage.
Sorry. The ldap
Phil Mayers p.may...@imperial.ac.uk wrote:
Unfortunately, when you supply 1 LDAP server, this is handled
internally by libldap, and libldap tries the LDAP servers in series, not
in parallel. So there will always be some outage.
FreeRADIUS does not currently have connection pools, and
On 06/28/2011 08:15 PM, Alexander Clouter wrote:
I keep meaning to do this for the sql module (well, postgresql) but it
can be done for libldap too. Open the socket directly in freeradius,
using SOCK_NONBLOCK - connect() - SO_RCVTIMEO/SO_SNDTIMEO and then
pass that all to ldap_init_fd().