Error: Ignoring duplicate packet, LDAP performance

uj2.hahn at uj2.hahn at
Fri Feb 28 16:30:48 CET 2020

On 28.02.2020 14:08, Alan DeKok wrote:
> On Feb 28, 2020, at 8:04 AM, uj2.hahn at wrote:
>>>    Why is that user special?  i.e. what is different about that user account, versus the normal user accounts?
>> Nothing! It is a normal user account I provide manually, e.g. my own.
>    If normal users don't get these redirects or blocking behaviour, then *something* is different.
It is only the use model in this special case: to have 15 auth requests 
with same credentials at same time (or at
least within few seconds).

But I got enough hints and ideas from you to run some tests and experiments.
I can give feedback as soon as I have a solution or a better 
understanding what is going on.
>>>    And what are you doing with LDAP in the post-auth section?
>> Group checking to start some authorizing, e.g. students have login time limitations but teachers don't have limitations.
>    That should be fine.
>    But... if the AD server is giving out referrals, then it's likely misconfigured.  It should just answer the query itself.
>>>    Your LDAP server is referring the query to a different AD domain.  That's pretty clear.
>> I guess this is a LDAP server configuration issue, I need ldap://moritz.local only. Or can I tweak the LDAP query
>> to focus on this domain only?
>    No.  The issue isn't the LDAP query.  The issue is that the AD server thinks the information isn't available at that DN.  Instead, it gives a referral.
>    So... fix the AD server to have the information at that DN.   This is all AD magic, and I (very deliberately) know nothing about it.
>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list