I am running FreeRADIUS 3.0 with two data sources:
- the users file
- OpenLDAP
The configuration works fine, but when FreeRADIUS is started at boot and the LDAP server is not available, FreeRADIUS complains and does not start.
So, is there some special configuration that tells FreeRADIUS:
"Hey, you can't bind to LDAP right now, never mind, just use the users file as the data source."?
Update 2017.02.11 ===========
The /etc/raddb/sites-enabled/default and inner-tunnel files:
authorize {
    filter_username
    preprocess
    auth_log
    chap
    mschap
    digest
    suffix
    eap {
        ok = return
    }
    files
    ldap {
        fail = 1
    }
    if (fail) {
        ok
    }
    expiration
    logintime
    pap
}
Extract from debug mode:
radiusd -X
FreeRADIUS Version 3.0.16
...
rlm_ldap (ldap): Initialising connection pool
pool {
start = 0
min = 0
max = 32
spare = 0
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
retry_delay = 30
spread = no
}
rlm_ldap (ldap): Loading dynamic clients
rlm_ldap (ldap): 0 of 0 connections in use. You may need to increase "spare"
rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
rlm_ldap (ldap): Connecting to ldap://srv1.lan4:636
rlm_ldap (ldap): Bind with uid=radius,ou=users,dc=lan1 to ldap://srv1.lan4:636 failed: Can't contact LDAP server
rlm_ldap (ldap): Opening connection failed (0)
/etc/raddb/mods-enabled/ldap[312]: Error loading clients
/etc/raddb/mods-enabled/ldap[8]: Instantiation failed for module "ldap"
Answer 1
Use a redundant section, for example
authorize {
    redundant {
        ldap
        files
    }
}
If the first module fails, the second one is called.
If you want the server to start while LDAP is unavailable, set the pool start configuration parameter to zero.
If you want to ignore the fact that the ldap module failed:
authorize {
    ldap {
        fail = 1
    }
    if (fail) {
        ok
    }
}
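As an added example (not part of the question or the answer), the two settings the answer describes are shown here in the files they belong to, together with the check the question's own debug output points at. The server URL, bind DN, password and base DN are placeholders, and read_clients is assumed to be the rlm_ldap option behind the "Loading dynamic clients" step.

```conf
# /etc/raddb/mods-enabled/ldap (excerpt; placeholders for server and DNs)
ldap {
    server = "ldaps://ldap.example.com"             # placeholder
    identity = "cn=radius-bind,dc=example,dc=com"   # placeholder
    password = "CHANGE_ME"                          # placeholder
    base_dn = "dc=example,dc=com"                   # placeholder

    # start = 0: no connection is opened while radiusd starts, so an
    # unreachable LDAP server cannot block startup at this point. The
    # first connection is opened by the first request that needs it.
    pool {
        start = 0
        min = 0
        max = 32
        spare = 0
        retry_delay = 30
    }

    # The question's debug output fails while "Loading dynamic clients":
    # reading RADIUS clients out of LDAP needs a live bind during module
    # instantiation, so that has to be off as well (assumed to be the
    # read_clients option of rlm_ldap).
    read_clients = no
}

# /etc/raddb/sites-enabled/default and inner-tunnel (authorize section)
authorize {
    filter_username
    preprocess
    suffix
    eap {
        ok = return
    }

    # redundant: ldap runs first and files is tried only when ldap returns
    # "fail" (server unreachable, bind error). A user who is simply not in
    # LDAP yields "notfound", which ends the block without consulting
    # files; if both sources must be checked on every request, list files
    # and ldap separately as in the question's own authorize section.
    redundant {
        ldap
        files
    }

    expiration
    logintime
    pap
}
```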