Error: Ignoring duplicate packet, LDAP performance

uj2.hahn at posteo.de uj2.hahn at posteo.de
Fri Feb 28 16:30:48 CET 2020



On 28.02.2020 14:08, Alan DeKok wrote:
> On Feb 28, 2020, at 8:04 AM, uj2.hahn at posteo.de wrote:
>>>    Why is that user special?  i.e. what is different about that user account, versus the normal user accounts?
>> Nothing! It is a normal user account I provide manually, e.g. my own.
>    If normal users don't get these redirects or blocking behaviour, then *something* is different.
It is only the use model in this special case: to have 15 auth requests 
with same credentials at same time (or at
least within few seconds).

But I got enough hints and ideas from you to run some tests and experiments.
I can give feedback as soon as I have a solution or a better 
understanding what is going on.
Thanks
Uwe
>
>>>    And what are you doing with LDAP in the post-auth section?
>> Group checking to start some authorizing, e.g. students have login time limitations but teachers don't have limitations.
>    That should be fine.
>
>    But... if the AD server is giving out referrals, then it's likely misconfigured.  It should just answer the query itself.
>
>>>    Your LDAP server is referring the query to a different AD domain.  That's pretty clear.
>> I guess this is a LDAP server configuration issue, I need ldap://moritz.local only. Or can I tweak the LDAP query
>> to focus on this domain only?
>    No.  The issue isn't the LDAP query.  The issue is that the AD server thinks the information isn't available at that DN.  Instead, it gives a referral.
>
>    So... fix the AD server to have the information at that DN.   This is all AD magic, and I (very deliberately) know nothing about it.
>
>    Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list