13 LDAP queries for one authorize!

Turbo Fredriksson turbo at dagdrivarn.se
Wed Aug 22 19:29:27 CEST 2007


I'm working on fine-tuning my radiusd.conf file, and found that
I get 13 authorize requests to the LDAP server for one XXX (client,
request, logon?!).

I have 802.1x (RADIUS) enabled on my WiFi router, and when requesting
a network on my client, there are 13 authorize requests... Using multilog,
which logs exactly when every line is done, all 13 requests are done during
the same second, but it still seems to be 13 requests... ?

The thing that strikes me is that first it returns 'notfound' then on the
line below it returns 'updated'...

Including my radiusd.conf, the 'users' file (stripped of comments and
no sensitive info) (192.168.1.254 is the WiFi Router).

Also, in the ldap filter, I have '(!(accountStatus=disabled))' which doesn't
seem to work as expected.. I DO get a failure in the authorization section,
but the EAP is still done (and succeeds, hence no failures):

Logfile 1 is without the 'accountStatus' attribute, and logfile 2 is with
the account disabled... In the disabled state, I get 'only' 12 authorize
requests for some reason... ?


On the other hand, looking closer (with a "grep '^  modcall' logoutput") shows
that there are NINE requests... ? And that it's enough if ONE authorization
module succeeds for the authorization to be OK... ?


Attachments too big, so the files in question are now on http://bayour.com/problems/freeradius/.


