Ldap query

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Mar 10 16:26:30 CET 2016


> On 10 Mar 2016, at 15:04, Franks Andy (IT Technical Architecture Manager) <Andy.Franks at sath.nhs.uk> wrote:
> 
> Hi all,
>  FR 3.1.0 64aa7f9
>  I'm trying to get to the bottom of the ldap issues we're seeing with AD within freeradius. Basically when we take down one AD server (we have two sites, doesn't matter which it is), the ldap lookups from Freeradius have massive issues with timeouts, failure to bind errors etc.

Post your ldap configuration (redacted), and packet traces, and debug output. You can do it off list if you'd like.

> Now, I'd say this was an issue with AD, but we've tried this with various tools now, both linux and windows based, and we don't see any issues using, for example, ldapsearch, from the same server where FR is struggling.

Have you configured network timeouts? Do you have obscenely large connection pools? What is the server doing when AD goes down?

> Obviously I would love it if someone would say "oh yes, you need to change /etc/ldap/ ... " but that's not so likely, so I wanted just any information on what ldap libraries FR uses

OpenLDAP's libldap, exactly the same as ldapsearch et al.

> whether some of the code is internal or not so I can start to try and find a solution as I'm guessing this will be a management reason to go towards clearpass.

You know clearpass is still FreeRADIUS right? It'll have exactly the same issues, except then you'll introduce multiple layers between the people supporting the product and the people writing the code.

If it's a support issue you may want to consider pinging sales at networkradius.com, there is support available, and it may be more cost effective than other commercial solutions.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
