LDAP timeouts
freeradius at corwyn.net
Fri Jan 15 02:33:50 CET 2010
I'm currently using freeradius2-2.1.7-2.el5 on CentOS 5.2 for Cisco
and L2TP VPN user authentication (via a Sonicwall firewall), using
LDAP back to an AD environment, with the Windows built-in VPN client.
(For very specific details of that environment see my post of Tue,
Dec 1, 2009 at 6:31 PM.)
The Cisco environment works flawlessly. Every time I attempt to log
in it works.
The Windows environment works, with one quirk: if no one has logged
in for a while (~15-30 min), the next user gets:
Thu Jan 14 19:31:51 2010 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Jan 14 19:31:51 2010 : Info: rlm_ldap: Attempting reconnect
Thu Jan 14 19:31:51 2010 : Auth: Login OK: [user] (from client VPN port 0)
The end user reports that the first attempt to login fails, but the
second succeeds. Further attempts will succeed until it's been a
while since anyone logged in.
That's only true for VPN users; logging into a Cisco never causes the
same issue - works every time. Both servers refer to the same ldap module.
I only have about 4 VPN users right now, so I'm thinking it's not a
load problem. In some respects I'm thinking it's the reverse of a
load problem - that once I have more users on the system there won't
be a long period of time where no one has logged in, and so the
problem will go away.
Thoughts? I'd like for the user to (barring network issues) be able
to log on the first time, every time.
Thanks
Rick
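
One way to test the idle-time pattern described in the post against radius.log, as an added example that is not part of the original message: it measures how long the server had gone without an Auth line before each "LDAP connection lost" error. The function name and sample log are constructed for illustration (only the three line shapes at 19:31:51 come from the post), and it assumes every Auth line marks a use of the LDAP connection.

```python
import re
from datetime import datetime

# Constructed sample in radius.log format (not real log data).
SAMPLE_LOG = """\
Thu Jan 14 18:40:02 2010 : Auth: Login OK: [user] (from client VPN port 0)
Thu Jan 14 19:05:10 2010 : Auth: Login OK: [user] (from client VPN port 0)
Thu Jan 14 19:31:51 2010 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Jan 14 19:31:51 2010 : Info: rlm_ldap: Attempting reconnect
Thu Jan 14 19:31:51 2010 : Auth: Login OK: [user] (from client VPN port 0)
Thu Jan 14 19:33:05 2010 : Auth: Login OK: [user] (from client VPN port 0)
Thu Jan 14 19:58:40 2010 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Jan 14 19:58:40 2010 : Info: rlm_ldap: Attempting reconnect
Thu Jan 14 19:58:40 2010 : Auth: Login OK: [user] (from client VPN port 0)
"""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"                     # ctime-style, 24 characters
LINE_RE = re.compile(r"^(.{24}) : (\w+): (.*)$")       # timestamp : level: message
CLIENT_RE = re.compile(r"\(from client (\S+) port \d+\)")


def idle_before_ldap_loss(log_text):
    """Return [(when, idle_seconds, client)] for each 'LDAP connection lost' error.

    idle_seconds is the gap since the previous Auth line (None if there was none);
    client is taken from the Auth line that follows the error.
    """
    results = []
    last_auth = None   # time of the most recent Auth line (assumed last LDAP use)
    pending = None     # (when, idle) of a loss still waiting for its Auth line
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # skip lines that are not in radius.log format
        when = datetime.strptime(m.group(1), TS_FORMAT)
        level, msg = m.group(2), m.group(3)
        if level == "Error" and "LDAP connection lost" in msg:
            idle = (when - last_auth).total_seconds() if last_auth else None
            pending = (when, idle)
        elif level == "Auth":
            if pending:
                c = CLIENT_RE.search(msg)
                results.append(pending + (c.group(1) if c else None,))
                pending = None
            last_auth = when
    if pending:        # loss at end of log with no Auth line after it
        results.append(pending + (None,))
    return results
```

If the idle gaps cluster just above one value, that value is the timeout to look for on the LDAP server or on any device between it and the RADIUS host.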