Hi!
I have freeradius 1.1.0 working and I want to have a redundant/load
balancing mecanism but when I use TLS to secure the communication with
the ldaps, FR only works with one server (eg: ldapmaster). The log says
that it cannot contact the other server (eg: ldapslave). But if I use
one ldap in clear-text communication, it works perfectly, that is I have
redundant load balancing with one LDAP/TLS and another LDAP/clear. Of
course it's not what I want. :-)
My configurations are:
modules {
...
ldap ldapmaster {
server = "checkpoint2"
port = 636
basedn = "ou=users,dc=ual,dc=pt"
filter = "(mail=%{User-Name})"
dictionary_mapping = ${raddbdir}/ldap.attrmap
timeout = 60
timelimit = 60
net_timeout = 60
ldap_connections_number = 30
access_attr = "radiusClientIPAddress"
start_tls = no
tls_cacertfile = ${raddbdir}/1x/checkpoint2.pem
tls_certfile = ${raddbdir}/1x/checkpoint2.pem
tls_keyfile = ${raddbdir}/1x/checkpoint2.pem
}
ldap ldapslave {
server = "checkpoint"
port = 636
basedn = "ou=users,dc=ual,dc=pt"
filter = "(mail=%{User-Name})"
dictionary_mapping = ${raddbdir}/ldap.attrmap
timeout = 60
timelimit = 60
net_timeout = 60
ldap_connections_number = 30
access_attr = "radiusClientIPAddress"
start_tls = no
tls_cacertfile = ${raddbdir}/1x/checkpoint.pem
tls_certfile = ${raddbdir}/1x/checkpoint.pem
tls_keyfile = ${raddbdir}/1x/checkpoint.pem
}
...
}
....
redundant-load-balance {
ldapmaster
ldapslave
}
Any idea?
TIA.
--
Atentamente,
------------------------------------
|Paulo Cabrita, Msc |
|Director do Centro de Informática |
|da Universidade Autónoma de Lisboa|
|Tel: +351-213177635 |
|Fax: +351-213533702 |
|E-mail: [EMAIL PROTECTED] |
------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
