On Sep 29, 2016, at 10:14 AM, Philipp Trenz <mail@philipptrenz.de> wrote:
Thanks for your help! The main problem was to notice, that the ldap user has rights to search through ldap, but was denied to get the NT-Password Hash because its IP was not recognized. ldap authentification now runs like a charm!
That's a common issue.
Only thing left is, that freeradius seems not to close the ldap-connection. The ldap-admin says there are "error 11"s while the connection runs into a timeout and ldap then closes the connection after 60s or so. Any guesses where to start?
FreeRADIUS re-uses the same LDAP connection for multiple requests. This is for performance.
Freeradius is also configured to work with Accounting, is FR trying to hold the connection for setting attributes or something like this?
If you have one user authenticating, opening and then closing the LDAP connection is fine. If you have thousands of users authenticating, you want to re-use connections for multiple users. Alan DeKok.