Dear FreeRADIUS users,

I am working on setting up LDAP failover for my radius servers.
I currently have two instances defined in the modules section:

ldap ldap1 {...}
ldap ldap2 {...}

and have a redundant section in authorize:

redundant {
  ldap1
  ldap2
}

This is correctly making the connection to the ldap server.
However, in the users file I am using the ldap_xlat process
to send the appropriate Class definition back to the network
gear:

DEFAULT Auth-Type = Kerberos, NAS-IP-Address == x.y.z.g
        Class = "OU=%{ldap:ldap:///dc=rice,dc=edu?Class?sub?uid=%u}";

The problem is that that this does not work unless I define a specific
instance for the xlat process. This does not allow it to failover to
the working server. Does anyone have any ideas about how to implement
such functionality?

Ken Marshall

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to