Load balance LDAP servers for group checking
Alan DeKok
aland at deployingradius.com
Fri May 12 18:52:59 CEST 2017
On May 12, 2017, at 12:19 PM, Petar Marinkovic <highl1 at gmail.com> wrote:
>
> Well, LDAP is Windows AD, and they're constantly up, I more think it's a
> issue from the KVM running freeradius VM, that for some reason networking
> is lost, or the switches.
That's possible, too.
> I would get failed authentications somewhere else
> as well, not just through freeradius with group AD check.
Maybe. But with v2, FreeRADIUS is probably doing more LDAP queries than anything else.
> At v3, how long are the group checks cached? Is there a setting it can be
> defined or ? Also, does that mean at the next re-authentication request, it
> will check the MAC address and certificate, but will use the cached group
> value?
No. Each request is independent of others.
When it does the first LDAP group check, it caches *all* of the groups. So that subsequent group checks for the same request use the cached entries.
Alan DeKok.
More information about the Freeradius-Users
mailing list