I'm running FreeRadius 2.0.1 on OpenBSD 4.2 on sparc64. I've also tried versions 1.0.6 and 1.1.6. I'm using OpenLDAP 2.3.33 with rlm_ldap. It works for the first request, then returns the following: From FreeRadius: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 2362, id=66, length=56 User-Name = "zach" User-Password = "*****" NAS-IP-Address = 192.168.2.11 NAS-Port = 1812 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "zach", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop rlm_ldap: - authorize rlm_ldap: performing user authorization for zach WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=zach) expand: o=zachlowry.net,c=US -> o=zachlowry.net,c=US rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=zachlowry.net,c=US, with filter (uid=zach) rlm_ldap: ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout. rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns fail Invalid user: [zach/*****] (from client localhost port 1812) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> zach attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 2 Sending Access-Reject of id 66 to 127.0.0.1 port 2362 Waking up in 4.9 seconds. Cleaning up request 2 ID 66 with timestamp +113 Ready to process requests. From OpenLDAP: Mar 1 10:25:01 tweedledum slapd[9985]: conn=8483 op=4 SRCH base="o=zachlowry.net,c=US" scope=2 deref=0 filter="(uid=zach)" Mar 1 10:25:01 tweedledum slapd[9985]: conn=8483 op=4 SRCH attr=radiusNASIpAddress radiusExpiration acctFlags sambaNtPassword sambaLmPassword ntPassword lmPassword radiusCallingStationId radiusCalledStationId radiusSimultaneousUse radiusAuthType radiusCheckItem radiusReplyMessage radiusLoginLATPort radiusPortLimit radiusFramedAppleTalkZone radiusFramedAppleTalkNetwork radiusFramedAppleTalkLink radiusLoginLATGroup radiusLoginLATNode radiusLoginLATService radiusTerminationAction radiusIdleTimeout radiusSessionTimeout radiusClass radiusFramedIPXNetwork radiusCallbackId Mar 1 10:25:01 tweedledum slapd[9985]: conn=8483 op=4 SRCH attr=radiusCallbackNumber radiusLoginTCPPort radiusLoginService radiusLoginIPHost radiusFramedCompression radiusFramedMTU radiusFilterId radiusFramedRouting radiusFramedRoute radiusFramedIPNetmask radiusFramedIPAddress radiusFramedProtocol radiusServiceType radiusReplyItem userPassword Mar 1 10:25:01 tweedledum slapd[9985]: conn=8483 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text= Mar 1 10:25:01 tweedledum slapd[9985]: conn=8483 op=5 ABANDON msg=5 I can't find where the ABANDON is sent to the LDAP server. The "increase the timeout" error is found easily enough in rlm_ldap.c, but I can't figure out what timeout to increase. I think there's a deeper issue afoot, however. Thanks, --Zach