first auth needs 20s

Michael Messner michael.messner_edv at inode.at
Tue Sep 19 11:30:35 CEST 2006


hey mailinglist,

I have a little problem with the first login via the RADIUS server. It looks
like this:

MS-Active directory -- freeradius 1.1.2 -- cisco or enterasys switch

If I restart radiusd, the first login attempt takes about 20 seconds:

[root@Xradius ~]# time echo "User-Name = mmessner, User-Password = m1k3" | radclient -c1 -s 127.0.0.1:1645 auth testing123
Received response ID 106, code 2, length = 71
        Tunnel-Type:1 = VLAN
        Tunnel-Medium-Type:1 = IEEE-802
        Tunnel-Private-Group-Id:1 = "1"
        Reply-Message = "Welcome mmessner in the  - Domain"
radclient: received response to request we did not send.

           Total approved auths:  1
             Total denied auths:  0
               Total lost auths:  0

real    0m20.285s
user    0m0.072s
sys     0m0.013s

After this time everything goes fast, including the next login attempts!

During this time freeradius hangs with the message:

radius_xlat:  'CN=Users,DC=isalab,DC=local'
radius_xlat:  'sAMAccountName=mmessner'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to labad01:389, authentication 0

If I sniff the packets on the AD server during this time, there are no LDAP
requests.

Any ideas?!?

thanks mIke




