Load balance LDAP servers for group checking

Petar Marinkovic highl1 at gmail.com
Fri May 12 18:36:11 CEST 2017 

I have this in my ldap module config

        # seconds to wait for LDAP query to finish. default: 20
        timeout = 4

        #  seconds LDAP server has to process the query (server-side
        #  time limit). default: 20
        #
        #  LDAP_OPT_TIMELIMIT is set to this value.
        timelimit = 3

        #
        #  seconds to wait for response of the server. (network
        #   failures) default: 10
        #
        #  LDAP_OPT_NETWORK_TIMEOUT is set to this value.
        net_timeout = 1

And I am almost positve that I didn't change this one. Does this means I am
only allowing 4 seconds for LDAP query to finish, and only 3 for LDAP to
process? Also, timeout is just 1 second, which seems pretty low.
Guess that if my settings here are wrong, I can fix my problem just by
setting bigger values, since the LDAP is not down

Thanks for all your help!

On Fri, May 12, 2017 at 6:24 PM, Stefan Paetow <Stefan.Paetow at jisc.ac.uk>
wrote:

> > Well, LDAP is Windows AD, and they're constantly up, I more think it's a
> > issue from the KVM running freeradius VM, that for some reason networking
> > is lost, or the switches. I would get failed authentications somewhere
> else
> > as well, not just through freeradius with group AD check.
>
> Well... Active Directory *loves* referrals and if one of the DCs that is
> being referred to is slow to respond you get... timeouts.
>
> It may not be related to your case, but keep that in mind too.
>
> Stefan Paetow
> Moonshot Industry & Research Liaison Coordinator
>
> t: +44 (0)1235 822 125
> gpg: 0x3FCE5142
> xmpp: stefanp at jabber.dev.ja.net
> skype: stefan.paetow.janet
>
> jisc.ac.uk
>
> Jisc is a registered charity (number 1149740) and a company limited by
> guarantee which is registered in England under Company No. 5747339, VAT No.
> GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill,
> Bristol, BS2 0JA. T 0203 697 5800.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>

More information about the Freeradius-Users mailing list