Error: Ignoring duplicate packet, LDAP performance
uj2.hahn at posteo.de
uj2.hahn at posteo.de
Fri Feb 28 16:30:48 CET 2020
On 28.02.2020 14:08, Alan DeKok wrote:
> On Feb 28, 2020, at 8:04 AM, uj2.hahn at posteo.de wrote:
>>> Why is that user special? i.e. what is different about that user account, versus the normal user accounts?
>> Nothing! It is a normal user account I provide manually, e.g. my own.
> If normal users don't get these redirects or blocking behaviour, then *something* is different.
It is only the use model in this special case: to have 15 auth requests
with same credentials at same time (or at
least within few seconds).
But I got enough hints and ideas from you to run some tests and experiments.
I can give feedback as soon as I have a solution or a better
understanding what is going on.
Thanks
Uwe
>
>>> And what are you doing with LDAP in the post-auth section?
>> Group checking to start some authorizing, e.g. students have login time limitations but teachers don't have limitations.
> That should be fine.
>
> But... if the AD server is giving out referrals, then it's likely misconfigured. It should just answer the query itself.
>
>>> Your LDAP server is referring the query to a different AD domain. That's pretty clear.
>> I guess this is a LDAP server configuration issue, I need ldap://moritz.local only. Or can I tweak the LDAP query
>> to focus on this domain only?
> No. The issue isn't the LDAP query. The issue is that the AD server thinks the information isn't available at that DN. Instead, it gives a referral.
>
> So... fix the AD server to have the information at that DN. This is all AD magic, and I (very deliberately) know nothing about it.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list