HAWKER, Dan (external)
2007-Jul-11 12:42 UTC
[Fedora-directory-users] UNCLASSIFIED - Linux Client Configurations & LDAP Failover
Hi All,

First off, apologies for the tagline. Work has gone mad ensuring we tag all outgoing emails with appropriate classifications. Very irritating :(

Anyway...

Not sure if this is strictly OT, however I'm having some trouble configuring my Linux clients to failover to secondary FDS boxes quickly enough.

By that I mean, it all works (ppl can login, get home dirs, etc) however, despite adding a second FDS server to the clients' ldap.conf file, and fiddling with the bind_timelimit and other settings (with no real change), if the first FDS box in the list fails for whatever reason (panic, scheduled downtime, upgrades, etc), it takes the client(s) some time to failover to using the second LDAP box. During this time general access and logins slow to a crawl until the primary is back up again.

My FDS boxes are FC5 with FDS 1.0.2 and my clients are all RHEL4/5 and FC4-7 boxes. BIND is also running on these two FDS boxes, however that fails over as expected.

Has anyone some *best practice* guidelines/docs they can point me towards or some personal experiences/anecdotes so I can hopefully configure my clients such that a failure in a FDS box is almost un-noticeable by my client boxes.

TIA

Dan

--
Dan Hawker
Linux System Administrator
PMS x5602
Steve Rigler
2007-Jul-11 12:51 UTC
Re: [Fedora-directory-users] UNCLASSIFIED - Linux Client Configurations & LDAP Failover
On Wed, 2007-07-11 at 13:42 +0100, HAWKER, Dan (external) wrote:
> Not sure if this is strictly OT, however I'm having some trouble
> configuring my Linux clients to failover to secondary FDS boxes quickly
> enough.
>

Dan,

We had the same issue. It seems like nss_ldap fails over after a reasonable timeout, but applications like autofs will take much longer. Also, if you have two servers and all of your clients are configured to talk to them in the same order (if server1 is down use server2), then server2 would be idle until server1 is down.

We use Piranha to get around this. This way we can count on both servers being equally utilized and clients fail over seamlessly (so seamless they don't even realize they've failed over).

I don't know if this is the "prescribed" way of handling it, but it works well for us.

-Steve