LDAP timeouts
Alan DeKok
aland at deployingradius.com
Sat Jan 16 10:54:14 CET 2010
freeradius at corwyn.net wrote:
> The Windows environment works, with one quirk: if no one has logged in
> for a while (~15-30 min), the next user gets:
>
> Thu Jan 14 19:31:51 2010 : Error: rlm_ldap: ldap_search() failed: LDAP
> connection lost.
> Thu Jan 14 19:31:51 2010 : Info: rlm_ldap: Attempting reconnect
> Thu Jan 14 19:31:51 2010 : Auth: Login OK: [user] (from client VPN port 0)
You can change the timeout on the LDAP server. Maybe the LDAP client
libraries also support a "keepalive".
> The end user reports that the first attempt to login fails, but the
> second succeeds. Further attempts will succeed until it's been a while
> since anyone logged in.
If the first one fails, I would suspect it's because the ldap module
times out trying to re-connect to the server. i.e. the "new connection"
attempt takes 30-40 seconds. Go fix that.
> That's only true for VPN users, logging into a Cisco never causes the
> same issue - works every time. Both servers refer to the same ldap module.
<shrug> Run the server in debugging mode to see why. If you're
getting tiny amounts of traffic, this shouldn't be a problem.
Alan DeKok.
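A small diagnostic for the pattern described in this thread, added here as an example and not part of the original post or of FreeRADIUS: it parses log lines in the format quoted above, measures the idle gap that preceded each "LDAP connection lost" error, and brackets the server-side idle timeout between the longest gap that still worked and the shortest gap that failed. The log lines are constructed, and the code assumes (as in this thread) that every "Login OK" went through the LDAP connection.

```python
import re
from datetime import datetime

# Constructed sample log in the format quoted in the thread (not from a real server).
SAMPLE_LOG = """\
Thu Jan 14 18:02:10 2010 : Auth: Login OK: [alice] (from client VPN port 0)
Thu Jan 14 18:05:42 2010 : Auth: Login OK: [bob] (from client VPN port 0)
Thu Jan 14 18:31:05 2010 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Jan 14 18:31:05 2010 : Info: rlm_ldap: Attempting reconnect
Thu Jan 14 18:31:05 2010 : Auth: Login OK: [carol] (from client VPN port 0)
Thu Jan 14 18:40:11 2010 : Auth: Login OK: [dave] (from client VPN port 0)
Thu Jan 14 19:31:51 2010 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Jan 14 19:31:51 2010 : Info: rlm_ldap: Attempting reconnect
Thu Jan 14 19:31:51 2010 : Auth: Login OK: [user] (from client VPN port 0)
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) : (?P<level>\w+): (?P<msg>.*)$")
TS_FMT = "%a %b %d %H:%M:%S %Y"
LOST = "LDAP connection lost"

def parse(log_text):
    """Yield (timestamp, level, message) for each line in the radiusd log format above."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], TS_FMT), m["level"], m["msg"]

def connection_gaps(log_text):
    """For every event that exercised the LDAP connection (a successful login, assumed
    to be LDAP-backed, or a 'connection lost' error) return (timestamp, idle_seconds, failed)."""
    gaps, last = [], None
    for ts, _level, msg in parse(log_text):
        failed = LOST in msg
        if not failed and not msg.startswith("Login OK"):
            continue  # e.g. the "Attempting reconnect" info line
        if last is not None:
            gaps.append((ts, (ts - last).total_seconds(), failed))
        last = ts
    return gaps

def idle_timeout_bracket(log_text):
    """Bracket the server-side idle timeout: it is longer than the longest idle gap that
    still worked and no longer than the shortest gap that produced 'connection lost'.
    Returns (longest_ok_seconds, shortest_failed_seconds); either may be None."""
    gaps = connection_gaps(log_text)
    ok = [g for _, g, failed in gaps if not failed]
    bad = [g for _, g, failed in gaps if failed]
    return (max(ok) if ok else None, min(bad) if bad else None)

if __name__ == "__main__":
    lo, hi = idle_timeout_bracket(SAMPLE_LOG)
    print(f"idle timeout is between {lo:.0f}s and {hi:.0f}s; a keepalive or client idle limit under {lo:.0f}s is safe")
```

Run it over the real radius.log to confirm the "only after an idle period" hypothesis before touching server or client timeouts; the lower bound is the keepalive interval you can pick without guessing.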
More information about the Freeradius-Users mailing list