3.1 and LDAP

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Dec 2 05:59:15 CET 2015


> On 1 Dec 2015, at 23:37, Tynan Young <tynany at gmail.com> wrote:
> 
>>> It really just seems like the LDAP server isn't responding quickly enough.
>> 
>> Okay, I'll start doing some debugging on the active directory LDAP
>> side of things.
>> 
> 
> So after doing more packet captures I discovered that freeradius was
> querying an active directory server that has been decommissioned. Not
> sure why it was querying this server as it was not referenced anywhere
> in the freeradius config,

Because you enabled reference following, and resolving something in the tree provided by your initial set of servers
ended up causing libldap to rebind to the decommissioned server.

> but after looking into active directory DNS
> I found this decommissioned server still existed under domaindnszones
> and forestdnszones. Since removing the decommissioned server DNS
> entries everything appears to be golden.
> 
> Appreciate you pointing me in the right direction.

No problem

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
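
[Added example, not part of the original e-mail and not FreeRADIUS code.] The reply above explains that following a reference made libldap rebind to a host that appears nowhere in the configuration. The sketch below audits which addresses a set of referral URIs can lead to and flags any that are not known-live servers. The URI shapes, the example.com names and the 192.0.2.x addresses are constructed assumptions.

```python
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def referral_target(uri):
    """Return the (host, port) a client chasing this referral URI would contact."""
    parts = urlsplit(uri)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an LDAP referral URI: {uri!r}")
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]

def system_resolver(host):
    """Resolve a host name to IPv4 addresses with the system resolver (needs DNS)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)})

def audit_referrals(uris, live_servers, resolve=system_resolver):
    """Map each referral URI to the addresses behind it that are not known-live."""
    findings = {}
    for uri in uris:
        host, _port = referral_target(uri)
        try:
            addrs = resolve(host)
        except (OSError, KeyError):
            findings[uri] = ["<unresolvable>"]
            continue
        stale = [a for a in addrs if a not in live_servers]
        if stale:
            findings[uri] = stale
    return findings

# Constructed sample data: referral URIs and the DNS records behind their host names.
SAMPLE_REFERRALS = [
    "ldap://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com",
    "ldap://DomainDnsZones.example.com/DC=DomainDnsZones,DC=example,DC=com",
    "ldap://example.com/CN=Configuration,DC=example,DC=com",
]
SAMPLE_DNS = {  # 192.0.2.99 stands in for a decommissioned server left in DNS
    "forestdnszones.example.com": ["192.0.2.10", "192.0.2.11", "192.0.2.99"],
    "domaindnszones.example.com": ["192.0.2.10", "192.0.2.99"],
    "example.com": ["192.0.2.10", "192.0.2.11"],
}
LIVE = {"192.0.2.10", "192.0.2.11"}

if __name__ == "__main__":
    for uri, stale in audit_referrals(SAMPLE_REFERRALS, LIVE, SAMPLE_DNS.__getitem__).items():
        print(uri, "->", ", ".join(stale))
```

Run without a `resolve` argument to check the names against live DNS instead of the constructed table.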
