Hello Holger -
On Thursday 11 January 2001 20:28, Holger Meyer wrote:
> All,
>
> we run into problems using Radiator within an LDAP high availability
> environment.
>
> Problem: Radiator hangs if one of the LDAP directories in a high
> availability setup goes down. Client requests are not accepted by Radiator
> anymore.
>
> System setup:
> Two X.500 based, full LDAPv3 compliant directories are employed in a
> Master-Slave setup. Based on replication from the Master to the Slave, each
> directory contains the same Radius profiles for remote users. The
> directories are configured to handle search requests just locally and they
> do not query each other by means of referrals or chaining.
> Radiator runs on the same box as the slave X.500/LDAP directory. The master
> LDAP directory is installed on a second box. The radius.cfg file refers to
> both LDAP directory servers for lookups, while the slave directory should
> be queried first. The second (Master) directory should be just called by
> Radiator in case of negative or no response to queries to the slave
> directory.
>
> Problem description:
> In case one of the two directories goes down, Radiator should query the
> second, still available directory. Instead, Radiator just hangs and does not
> respond to client requests anymore. I assume Radiator still tries to open
> some sort of connection to the directory it has been using before, but
> which is down now. However, we do not see any connection attempt like that
> in the logs. Stopping and restarting of the Radiator daemon does not solve
> the problem. The only fix was to remove the entry for the second LDAP
> directory from radius.conf so that just one directory is known to Radiator.
> But that does not fulfill the requirement for a high availability service,
> of course.
>
> Enclosed please find the handler section of our radius.cfg file:
>
> -------8<------------------------------------
> <Handler User-Name = /^zzzzz/>
>
>
> AuthByPolicy ContinueUntilAccept
> <AuthBy LDAP>
> Host xx.xx.xxx.xxx
> Port 389
> AuthDN cn=Manager, o=Server1, c=DE
> AuthPassword xxxxx
> BaseDN cn=Router, cn=Services, o=Server1, c=de
> UsernameAttr commonName
> PasswordAttr cdsDEradiatorPassword1
> ReplyAttr cdsDEradiatorConfiguration2
> </AuthBy>
>
> <AuthBy LDAP>
> Host yy.yy.yy.yyy
> Port 389
> AuthDN cn=Manager, o=Server2, c=de
> AuthPassword yyyyyy
> BaseDN cn=Router, cn=Services, o=Server2, c=de
> UsernameAttr commonName
> PasswordAttr cdsDEradiatorPassword1
> ReplyAttr cdsDEradiatorConfiguration2
> </AuthBy>
>
> # Log accounting to the detail file in LogDir
> AcctLogFileName /etc/raddb/detail
>
> </Handler>
> -------8<------------------------------------
>
> Anybody who can give us some advice on what might be wrong in our
> configuration and how to fix the problem?
>
Have you tried using an AuthBy LDAP2 instead?
thanks
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
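
The failover behaviour the original poster expects (slave directory first, master when the slave does not answer), as an added example that is not Radiator code and not part of either message. It assumes a bounded connect timeout plus a retry backoff for a failed server; the class name `LdapFailover` and the loopback sockets standing in for the two directories are constructed for illustration.

```python
import socket
import time

class LdapFailover:
    """Try directory servers in priority order, skipping recently failed ones."""

    def __init__(self, servers, connect_timeout=3.0, backoff=600.0,
                 clock=time.monotonic):
        self.servers = list(servers)      # [(host, port), ...], preferred first
        self.connect_timeout = connect_timeout
        self.backoff = backoff            # seconds a failed server is left alone
        self.clock = clock
        self.retry_after = {}             # server -> earliest time to retry it

    def available(self):
        now = self.clock()
        return [s for s in self.servers if self.retry_after.get(s, 0.0) <= now]

    def connect(self):
        """Return (server, socket) for the first server that accepts a connection."""
        for server in self.available():
            try:
                # The timeout bounds the wait, so a dead host cannot stall the caller.
                sock = socket.create_connection(server, timeout=self.connect_timeout)
            except OSError:
                self.retry_after[server] = self.clock() + self.backoff
                continue
            return server, sock
        raise ConnectionError("no directory server reachable")

def demo():
    """Constructed test bed: loopback sockets stand in for the two directories."""
    master = socket.socket()
    master.bind(("127.0.0.1", 0))
    master.listen(1)                      # the directory that is still up
    slave = socket.socket()
    slave.bind(("127.0.0.1", 0))
    slave_addr = slave.getsockname()
    slave.close()                         # nothing listens here: directory is down
    pool = LdapFailover([slave_addr, master.getsockname()], connect_timeout=1.0)
    chosen, sock = pool.connect()
    sock.close()
    result = {"chosen": chosen, "master": master.getsockname(),
              "usable": pool.available()}
    master.close()
    return result

if __name__ == "__main__":
    print(demo())
```
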