Auth-Type Fall-Through & ldap timeouts
lists at kokelnet.de
Wed Apr 18 14:51:29 CEST 2012
On 18.04.2012 14:36, Phil Mayers wrote:
> On 18/04/12 13:16, Tobias Hachmer wrote:
>> Ok, I configure the same users, these are about 10-15 users, which
>> are stored in Active Directory, in the sql database. The sql
>> should be used for authentication only if the ldap servers are not
> So the SQL server contains an "emergency" subset of the real users?
Yes, that's what I tried to explain.
>> So I just sniffed the network for packets and recognized that my
>> freeradius machine sends out a lot of arp packets for the dns
>> server. Then I added the ldap server to the hosts file and now the
>> net_timeout = 1 seems to work. The timeouts now are ok and the first
>> radius-request is answered in time.
> Ok, that's good to know.
> This is sort of what I mean when I refer to libldap having an API
> that is sub-optimal in some cases; the net_timeout should really
> to an entire connection attempt, not just the connect() or read()
> It's hard to know what FreeRADIUS can do about this; maybe there is
> scope for some kind of long-lived helper process that pools and polls
> the LDAP servers, pro-actively detecting failures. But it seems a
> complex solution.
I worried about this, so I asked for any other opportunities.
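
The behaviour discussed in this thread, a per-call timeout that does not cover name resolution and so does not bound the whole connection attempt, can be contrasted with one deadline shared by the resolve and connect steps. This is an added example, not FreeRADIUS or libldap code; `connect_within`, `DeadlineExceeded` and the injectable `resolve`/`dial` parameters are hypothetical names chosen for illustration.

```python
import socket
import threading
import time

class DeadlineExceeded(OSError):
    """Resolve + connect together overran the caller's budget."""

def _call_within(fn, budget, *args):
    # getaddrinfo() takes no timeout argument, so run it in a daemon
    # thread and stop waiting for it once the budget is spent.
    box = {}
    def work():
        try:
            box["value"] = fn(*args)
        except Exception as exc:
            box["error"] = exc
    worker = threading.Thread(target=work, daemon=True)
    worker.start()
    worker.join(budget)
    if worker.is_alive():
        raise DeadlineExceeded("name resolution exceeded %.1fs" % budget)
    if "error" in box:
        raise box["error"]
    return box["value"]

def _dial(family, sockaddr, timeout):
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)  # connect() gets only what is left of the budget
    try:
        sock.connect(sockaddr)
    except OSError:
        sock.close()
        raise
    return sock

def connect_within(host, port, total, resolve=socket.getaddrinfo, dial=_dial):
    # One deadline for the whole attempt: DNS lookup plus every connect() try.
    deadline = time.monotonic() + total
    addrs = _call_within(resolve, total, host, port, 0, socket.SOCK_STREAM)
    last_error = DeadlineExceeded("no usable address for %s" % host)
    for family, _type, _proto, _canon, sockaddr in addrs:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise DeadlineExceeded("budget spent before connect()")
        try:
            return dial(family, sockaddr, remaining)
        except OSError as exc:
            last_error = exc
    raise last_error
```

A caller that gets `DeadlineExceeded` can move on to its fallback source immediately instead of waiting on a lookup that never returns.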