> Just a gap of our users file, we have 18 default lines and additional 4 for a
> local/PAP user:
>
>
> DEFAULT Auth-Type := LDAP, Huntgroup-Name == consoleserver, LDAP-Group ==
> ""
> Login-Service = Telnet
>
FWIW, since it's the LDAP-Group attribute that you're having trouble with, we
> I will try to test this.
Thank you very much!
>What OS are you on, and what LDAP libraries & version of those libs are you
>using?
RHEL Server 5.6 (64 bit), Kernel 2.6.18-238.5.1.el5
# rpm -qa | grep -i ldap
php-ldap-5.1.6-27.el5_5.3
openldap-clients-2.3.43-12.el5_6.7
openldap-2.3.43-12.el5_
Phil Mayers wrote:
>
>> Not as easy as it sounds ;-) 12 radius pairs (single server with the
>> same config) at 10 locations, 3 ldap servers at 3 different locations
>> To countervail the loss of one or two locations, load balancing will be
>> very complex.
>
If the three sites have an IGP running
On 06/29/2011 03:46 PM, jan.gnep...@t-systems.com wrote:
What is your "net_timeout" set to?
net_timeout = 1
timelimit = 2
timeout = 4
For testing I added a host route to another gateway (= host unreachable)
Unfortunately, when you supply >1 LDAP server, this is handled
internally by libldap,
>> Problem: radius is using always the same ldap server for group extends.
>> If this (one!) server fails, radius authentication is not possible.
>> Very bad, because we have "redundancy" configured, and expected to have zero
>> outage.
>Sorry. The "ldap" module and FreeRADIUS do not work that wa
On 06/28/2011 08:15 PM, Alexander Clouter wrote:
I keep meaning to do this for the sql module (well, postgresql) but it
can be done for libldap too. Open the socket directly in freeradius,
using SOCK_NONBLOCK -> connect() -> SO_RCVTIMEO/SO_SNDTIMEO and then
pass that all to ldap_init_fd().
Phil Mayers wrote:
>
> Unfortunately, when you supply >1 LDAP server, this is handled
> internally by libldap, and libldap tries the LDAP servers in series, not
> in parallel. So there will always be some outage.
>
> FreeRADIUS does not currently have connection pools, and they're a bit
> har
On 28/06/11 16:12, jan.gnep...@t-systems.com wrote:
Problem: radius is using always the same ldap server for group extends.
If this (one!) server fails, radius authentication is not possible.
Very bad, because we have "redundancy" configured, and expected to have zero
outage.
Sorry. The "ldap