Auth-Type Fall-Through & ldap timeouts

Tobias Hachmer lists at kokelnet.de
Wed Apr 18 10:40:03 CEST 2012


Hello list,

I'm using a sql database for authorization and ldap for authentication.
For fail-over reasons I want to authenticate against user-password 
information stored in my sql database if my ldap servers are not 
available (all ldap modules return fail).

For authentication I configured:

         Auth-Type LDAP {
                 redundant-load-balance {
                         ldap1
                         ldap2
                         ldap3
                 }
                 if(fail) {
                         pap
                 }
         }

So I set the network interfaces of my ldap servers manually to down and 
started testing. But the timeouts for every ldap module are too big 
(circa 50 seconds).
I noticed the timeout directives in the ldap module. In all three ldap 
modules the net_timeout is set to "1".

Question 1: How can I reduce these timeouts?
Question 2: Can I check earlier whether my ldap servers are available and, if 
not, skip Auth-Type LDAP or set Auth-Type to PAP?
Question 3: Are there any other opportunities to do Auth-Type PAP if 
Auth-Type LDAP fails?

Thanks in advance,

Tobias Hachmer

