Load balance LDAP servers for group checking

Alan DeKok aland at deployingradius.com
Fri May 12 18:52:59 CEST 2017

On May 12, 2017, at 12:19 PM, Petar Marinkovic <highl1 at gmail.com> wrote:
> Well, LDAP is Windows AD, and they're constantly up, I more think it's a
> issue from the KVM running freeradius VM, that for some reason networking
> is lost, or the switches.

  That's possible, too.

> I would get failed authentications somewhere else
> as well, not just through freeradius with group AD check.

  Maybe.  But with v2, FreeRADIUS is probably doing more LDAP queries than anything else.

> At v3, how long are the group checks cached? Is there a setting it can be
> defined or ? Also, does that mean at the next re-authentication request, it
> will check the MAC address and certificate, but will use the cached group
> value?

  No.  Each request is independent of others.

  When it does the first LDAP group check, it caches *all* of the groups.  So that subsequent group checks for the same request use the cached entries.

  Alan DeKok.

More information about the Freeradius-Users mailing list