> u...@3.am wrote:
>> I can tell that ldap failover config is a FAQ by the number of hits I found
>> searching for this, but it seems that many of the config examples are for
>> older versions of FreeRADIUS. In any case, this is what I've tried, but
>> it's not working:
>
> See the FAQ for "it doesn't work".
>
>> ldap ldap2{
> ....
>> set_auth_type = yes

Thanks for pointing that out...I had just copied and pasted that section from the secondary radius server.

> Which will set "Auth-Type := ldap2". That's probably not what you want.

>> This is what I put in sites-enabled/default AND in
>> sites-enabled/inner-tunnel
>> (it doesn't look right to me, but it's what I found):
>>
>> authorize {
>>     preprocess
>>     redundant LDAP{
>>         ldap1
>>         ldap2
>>     }
>
> That looks OK...
>
>> Auth-Type LDAP {
>>     ldap1
>>     ldap2
>> }
>
> That doesn't. It goes into the "authenticate" section, and you need
> to add a "redundant" block which wraps the calls to "ldap1" and "ldap2"

That did the trick...I changed it to this:

    #Auth-Type LDAP {
    redundant LDAP{
        ldap1
        ldap2
    }

I wasn't sure if you used both "Auth-Type" AND "redundant", but apparently you only need the latter.

Thanks once again, Alan!