I am using freeRADIUS 3.0 with two data sources:
- users file
- openldap
The configuration is working fine, but when freeRADIUS is started at power-on and the LDAP server is not available, freeRADIUS complains and doesn't start.
So, is there a special configuration to say to freeRADIUS:
"hey, you can't bind now to LDAP, never mind, use only users file as data source."?
Update 2017.02.11
/etc/raddb/sites-enabled/default and inner-tunnel files:
    authorize {
        filter_username
        preprocess
        auth_log
        chap
        mschap
        digest
        suffix
        eap {
            ok = return
        }
        files
        ldap {
            fail = 1
        }
        if (fail) {
            ok
        }
        expiration
        logintime
        pap
    }
Extract from debug mode:
    radiusd -X
    FreeRADIUS Version 3.0.16
    ...
    rlm_ldap (ldap): Initialising connection pool
       pool {
            start = 0
            min = 0
            max = 32
            spare = 0
            uses = 0
            lifetime = 0
            cleanup_interval = 30
            idle_timeout = 60
            retry_delay = 30
            spread = no
       }
    rlm_ldap (ldap): Loading dynamic clients
    rlm_ldap (ldap): 0 of 0 connections in use.  You may need to increase "spare"
    rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
    rlm_ldap (ldap): Connecting to ldap://srv1.lan4:636
    rlm_ldap (ldap): Bind with uid=radius,ou=users,dc=lan1 to ldap://srv1.lan4:636 failed: Can't contact LDAP server
    rlm_ldap (ldap): Opening connection failed (0)
    /etc/raddb/mods-enabled/ldap[312]: Error loading clients
    /etc/raddb/mods-enabled/ldap[8]: Instantiation failed for module "ldap"
Best Answer
Use the redundant section e.g.
If the first module fails, the second module will be called.
If you want the server to start if LDAP is unavailable, set the pool.start configuration parameter to zero.
If you want to ignore the fact that the ldap module failed
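
A sketch of the two settings the answer names, as an added example that is not part of the original answer or of the FreeRADIUS distribution. It reuses the asker's authorize section and assumes the stock `ok` instance of the always module is enabled; the two excerpts belong to two different files.

```text
# --- /etc/raddb/mods-enabled/ldap (excerpt, all other settings unchanged) ---
ldap {
    pool {
        # Open no LDAP connections while the server starts;
        # connections are then created on demand.
        start = 0
    }
}

# --- /etc/raddb/sites-enabled/default and inner-tunnel (authorize only) ---
authorize {
    filter_username
    preprocess
    auth_log
    chap
    mschap
    digest
    suffix
    eap {
        ok = return
    }
    files

    # Members of a redundant block are tried in order. The next member
    # runs only when the previous one returns "fail".
    redundant {
        ldap
        # Assumption: "ok" is the rlm_always instance from
        # mods-enabled/always. It turns an LDAP failure into "ok",
        # so the request continues with what the users file supplied.
        ok
    }

    expiration
    logintime
    pap
}
```

The redundant block only takes effect while a request is being processed; it does not change what the ldap module does during radiusd startup. While LDAP is unreachable, users that exist only in LDAP have no credentials loaded for them and are still rejected.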