6 May
2013
6 May
'13
9:24 a.m.
On 04/29/2013 11:03 PM, FreeRadius List wrote:
Thank you I'll check with the samba people and get a better understanding of how ntlm_auth works.#
(Sorry for the late reply) The short version here is: badly. ntlm_auth talks to winbind. Winbind maintains a single long-lived connection to a single AD controller. It can take anything up to 60 seconds for winbind to realise this connection has gone down, during which time all ntlm_auth will hang or fail. This has caused us problems on a number of occasions. So in fact, your approach is interesting to me; have you tested it e.g. by using iptables/ipfw to block access to an AD controller and seeing if it fails over?