Error: Ignoring duplicate packet, LDAP performance

Alan DeKok aland at deployingradius.com
Fri Feb 28 14:08:48 CET 2020


On Feb 28, 2020, at 8:04 AM, uj2.hahn at posteo.de wrote:
>>   Why is that user special?  i.e. what is different about that user account, versus the normal user accounts?
> 
> Nothing! It is a normal user account I provide manually, e.g. my own.

  If normal users don't get these redirects or blocking behaviour, then *something* is different.

>>   And what are you doing with LDAP in the post-auth section?
> Group checking to start some authorizing, e.g. students have login time limitations but teachers don't have limitations.

  That should be fine.

  But... if the AD server is giving out referrals, then it's likely misconfigured.  It should just answer the query itself.

>>   Your LDAP server is referring the query to a different AD domain.  That's pretty clear.
> 
> I guess this is a LDAP server configuration issue, I need ldap://moritz.local only. Or can I tweak the LDAP query
> to focus on this domain only?

  No.  The issue isn't the LDAP query.  The issue is that the AD server thinks the information isn't available at that DN.  Instead, it gives a referral.

  So... fix the AD server to have the information at that DN.   This is all AD magic, and I (very deliberately) know nothing about it.

  Alan DeKok.




More information about the Freeradius-Users mailing list