Dynamic Clients and ldap threads?

Peter Lambrechtsen plambrechtsen at gmail.com
Mon Aug 15 04:07:05 CEST 2011


Running FreeRADIUS 2.1.7 against a Novell eDirectory LDAP database.

We're using Dynamic Clients for approx 1200 NAS element devices and looking
up the Elements in our LDAP database.

Even though we have ldap_connections_number = 50 in modules/ldap, we have
issues with the dynamic clients.  We can increase the number, but it
doesn't seem to make any difference.

Each element sends a heartbeat packet to FR once a second to make sure it's
still alive, which we capture very early on in the authorize section and send
a reject.

When we restart FreeRADIUS, since the LDAP server takes about 30 ms to
reply to the dynamic client lookup, any other heartbeat requests get rejected
as unknown clients.

Do the newer versions of FreeRADIUS use the multiple LDAP connections in
a more efficient way, so that the client lookups work more effectively?

Our dynamic clients config is:

server dynamic_client_server {
  authorize {
    if ("%{ldap:ldap:///ou=Elements,o=Identities?ou?sub?cn=%{Packet-Src-IP-Address}}") {
      update control {
          FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
          FreeRADIUS-Client-Shortname = "%{ldap:ldap:///ou=Elements,o=Identities?l?sub?cn=%{Packet-Src-IP-Address}}"
          FreeRADIUS-Client-NAS-Type = "other"
          FreeRADIUS-Client-Secret = "%{ldap:ldap:///ou=Elements,o=Identities?ou?sub?cn=%{Packet-Src-IP-Address}}"
      }
    }
    ok
  }
}

Are the dynamic client LDAP lookups only single-threaded, or have I done
something incorrect with the configuration?