All,

We run into problems using Radiator within an LDAP high-availability
environment.

Problem: Radiator hangs if one of the LDAP directories in a high-availability
setup goes down. Client requests are no longer accepted by Radiator.

System setup:
Two X.500-based, fully LDAPv3-compliant directories are employed in a
Master-Slave setup. Based on replication from the Master to the Slave, each
directory contains the same Radius profiles for remote users. The
directories are configured to handle search requests locally only, and they do
not query each other by means of referrals or chaining.
Radiator runs on the same box as the slave X.500/LDAP directory. The master
LDAP directory is installed on a second box. The radius.cfg file refers to both
LDAP directory servers for lookups, and the slave directory should be
queried first. The second (Master) directory should only be called by
Radiator in case of a negative response or no response to queries to the slave
directory.

Problem description:
In case one of the two directories goes down, Radiator should query the
second, still available directory. Instead, Radiator just hangs and does not
respond to client requests anymore. I assume Radiator still tries to open
some sort of connection to the directory it has been using before, but which
is down now. However, we do not see any connection attempt like that in the
logs. Stopping and restarting the Radiator daemon does not solve the
problem. The only fix was to remove the entry for the second LDAP directory
from radius.conf so that just one directory is known to Radiator. But that
does not fulfill the requirement for a high-availability service, of
course.

Enclosed please find the handler section of our radius.cfg file:

-------8<------------------------------------
<Handler User-Name = /^zzzzz/>


        AuthByPolicy ContinueUntilAccept
        <AuthBy LDAP>
                Host            xx.xx.xxx.xxx
                Port            389
                AuthDN          cn=Manager, o=Server1, c=DE
                AuthPassword    xxxxx
                BaseDN          cn=Router, cn=Services, o=Server1, c=de
                UsernameAttr    commonName
                PasswordAttr    cdsDEradiatorPassword1
                ReplyAttr       cdsDEradiatorConfiguration2
        </AuthBy>

        <AuthBy LDAP>
                Host            yy.yy.yy.yyy
                Port            389
                AuthDN          cn=Manager, o=Server2, c=de
                AuthPassword    yyyyyy
                BaseDN          cn=Router, cn=Services, o=Server2, c=de
                UsernameAttr    commonName
                PasswordAttr    cdsDEradiatorPassword1
                ReplyAttr       cdsDEradiatorConfiguration2
        </AuthBy>

        # Log accounting to the detail file in LogDir
        AcctLogFileName /etc/raddb/detail

</Handler>
-------8<------------------------------------

Can anybody give us some advice on what might be wrong in our configuration
and how to fix the problem?

Many thanks in advance and regards,
Holger
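
An added example, not part of the original post and not Radiator code: a standalone Python check for the lookup order described above (slave first, then master), with every TCP connect bounded by a timeout so that an unreachable directory cannot stall the caller. The function names, the timeout values and the loopback listeners standing in for the two directories are assumptions made for this illustration.

```python
import socket


def first_reachable(servers, timeout=2.0):
    """Try each (host, port) in order; return (chosen_server, failures).

    Every connect is bounded by `timeout`: a stopped service is refused at
    once, while a powered-off host silently drops the SYN and would block
    for the OS default (often minutes) if no timeout were set.
    """
    failures = []
    for host, port in servers:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                return (host, port), failures
        except OSError as exc:  # refused, unreachable or timed out
            failures.append(((host, port), type(exc).__name__))
    return None, failures


def _listener():
    # Constructed stand-in for a directory server: a loopback TCP listener.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def demo():
    # Constructed scenario: the "slave" is down (port closed), the "master" is up.
    up, down = _listener(), _listener()
    master, slave = up.getsockname(), down.getsockname()
    down.close()
    try:
        # Same order as the handler above: slave first, master second.
        return first_reachable([slave, master], timeout=1.0), slave, master
    finally:
        up.close()


if __name__ == "__main__":
    (chosen, failures), slave, master = demo()
    print("chosen:", chosen, "failed:", failures)
```

Run against the real directory addresses on port 389, once with the service stopped and once with the host unreachable, to see whether the outage shows up as a quick refusal or as a timeout.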


===
Archive at http://www.starport.net/~radiator/