first auth needs 20s
Peter Nixon
listuser at peternixon.net
Tue Sep 19 14:51:08 CEST 2006
Is FreeRADIUS connecting to AD with DNS or IP?
-Peter
On Tue 19 Sep 2006 12:30, Michael Messner wrote:
> hey mailinglist,
>
> I have a little prob. with the first login via the radiusserver, it looks
> like this
>
> MS-Active directory -- freeradius 1.1.2 -- cisco or enterasys switch
>
> If I restart the radiusd the first try for a login needs about 20 seconds:
>
> [root at Xradius ~]# time echo "User-Name = mmessner, User-Password = m1k3" |
> radclient -c1 -s 127.0.0.1:1645 auth testing123
> Received response ID 106, code 2, length = 71
> Tunnel-Type:1 = VLAN
> Tunnel-Medium-Type:1 = IEEE-802
> Tunnel-Private-Group-Id:1 = "1"
> Reply-Message = "Welcome mmessner in the - Domain"
> radclient: received response to request we did not send.
>
> Total approved auths: 1
> Total denied auths: 0
> Total lost auths: 0
>
> real 0m20.285s
> user 0m0.072s
> sys 0m0.013s
>
> after this time everything goes fast, also the next login attempts!
>
> freeradius hangs for this time with the message:
>
> radius_xlat: 'CN=Users,DC=isalab,DC=local'
> radius_xlat: 'sAMAccountName=mmessner'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to labad01:389, authentication 0
>
> If I sniff the packets on the AD-server in this time there are no LDAP
> requests.
>
> any ideas?!?
>
> thanks mIke
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc