> >
> > You're using the LDAP-Group attribute, which is set to use svr1,
> > which is down. There's currently no fail-over for the LDAP-Group
> > attribute.
> >
>
> I dig, that's kind of what I thought (even if I didn't word it correctly).
> Thanks for your help!
>
You can simulate redundancy for the Ldap-Group attribute, by doing this.
Instantiate your ldap modules in radiusd.conf.
instantiate {
srv1
srv2
srv3
}
In users file, add multiple lines of the same ldap-group lookup, for each
srv.
For example, say you must have ldap-group of dial if coming from a dial
huntgroup.
DEFAULT Huntgroup-Name == dial, srv1-Ldap-Group == dial
DEFAULT Huntgroup-Name == dial, srv2-Ldap-Group == dial
DEFAULT Huntgroup-Name == dial, srv3-Ldap-Group == dial
What will happen is if the huntgroup matches, then the server will lookup
on the srv1 instance if ldap-group = dial. If so, it matches and the
users file ends. If not, it continues down the file, where it will then
try srv2. If that fails, it continues to srv3.
So, if one and two are down, then this will require 3 different lookups to
finally get to srv3, but it will provide you with some type of redundancy.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
