Help for configuration 3.0.11

Alan DeKok aland at
Thu Sep 29 16:21:44 CEST 2016

On Sep 29, 2016, at 10:14 AM, Philipp Trenz <mail at> wrote:
> Thanks for your help! The main problem was to notice, that the ldap user has rights to 
> search through ldap, but was denied to get the NT-Password Hash because its IP was not 
> recognized. ldap authentification now runs like a charm!

  That's a common issue.

> Only thing left is, that freeradius seems not to close the ldap-connection. The ldap-admin 
> says there are "error 11"s while the connection runs into a timeout and ldap then closes 
> the connection after 60s or so. Any guesses where to start?

  FreeRADIUS re-uses the same LDAP connection for multiple requests.  This is for performance.

> Freeradius is also configured to work with Accounting, is FR trying to hold the connection 
> for setting attributes or something like this?

  If you have one user authenticating, opening and then closing the LDAP connection is fine.  If you have thousands of users authenticating, you want to re-use connections for multiple users.

 Alan DeKok.

More information about the Freeradius-Users mailing list