"redundant" block works in "default" virtual server, but does not work in "inner-tunnel".
Jorge Pereira
jpereira at freeradius.org
Thu Mar 3 17:00:51 UTC 2022
Well… based on that log output.
> (633) group {
> (633) redundant {
> rlm_ldap (ldap_personel): Closing connection (10): Hit idle_timeout, was
> idle for 53546 seconds
> rlm_ldap (ldap_personel): Closing connection (12): Hit idle_timeout, was
> idle for 53529 seconds
> rlm_ldap (ldap_personel): Closing connection (11): Hit idle_timeout, was
> idle for 53522 seconds
> rlm_ldap (ldap_personel): You probably need to lower "min"
> rlm_ldap (ldap_personel): Closing connection (13): Hit idle_timeout, was
> idle for 53521 seconds
> rlm_ldap (ldap_personel): You probably need to lower "min"
> rlm_ldap (ldap_personel): 0 of 0 connections in use. You may need to
> increase "spare"
> rlm_ldap (ldap_personel): Opening additional connection (14), 1 of 32
> pending slots used
> rlm_ldap (ldap_personel): Connecting to ldap://95.183.213.8:389
> rlm_ldap (ldap_personel): Waiting for bind result...
> rlm_ldap (ldap_personel): Bind successful
> rlm_ldap (ldap_personel): Reserved connection (14)
> (633) ldap_personel: EXPAND (&(email=%{User-Name})(objectClass=kPerson))
> (633) ldap_personel: --> (&(email=ogr1 at erzurum.edu.tr
> )(objectClass=kPerson))
> (633) ldap_personel: Performing search in "cn=personel,dc=etu" with filter
> "(&(email=ogr1 at erzurum.edu.tr)(objectClass=kPerson))", scope "sub"
> (633) ldap_personel: Waiting for search result...
> (633) ldap_personel: Search returned no results
> rlm_ldap (ldap_personel): Released connection (14)
> Need 1 more connections to reach min connections (2)
> rlm_ldap (ldap_personel): Opening additional connection (15), 1 of 31
> pending slots used
> rlm_ldap (ldap_personel): Connecting to ldap://95.183.213.8:389
> rlm_ldap (ldap_personel): Waiting for bind result...
> rlm_ldap (ldap_personel): Bind successful
> (633) [ldap_personel] = notfound
> (633) } # redundant = notfound
The “redundant{}” is working well. Therefore, your LDAP query is replying not found.
> (633) Invalid user (Auth Source Reject: [ogr1 at erzurum.edu.tr] No matching
> user found in authentication source!): [ogr1 at erzurum.edu.tr] (from client
> rektorluk port 0 cli 3233fb9fb6d3 via TLS tunnel) Called-Station-ID:
> a8bd27c04dac Calling-Station-ID: 3233fb9fb6d3 Auth-Type:
Well, the “invalid user”, so…..
>
> (633) update outer.session-state {
> (633) &Module-Failure-Message := &request:Module-Failure-Message ->
> 'Auth Source Reject: [ogr1 at erzurum.edu.tr] No matching user found in
> authentication source!'
> (633) } # update outer.session-state = noop
>
> Any idea why "redundant" behaves different in the inner-tunnel or what am I
> missing?
>
Again, the “redundant{}” is working well. Please take a look again at the logs and you will see that the error messages are pretty clear: “No matching user found”.
—
Jorge Pereira
> Regards,
>
> Rahman Duran
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jorge Pereira
jpereira at networkradius.com
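
The reading of the debug output described in the reply above, as an added example that is not part of the original message or of FreeRADIUS itself: it separates a redundant {} block that failed over from one that simply reported an empty LDAP lookup. It assumes raw, unwrapped `radiusd -X` output and the documented behaviour that redundant tries the next module only when one fails; the sample log and the function names are constructed for illustration.

```python
import re

# Constructed sample, condensed from the debug output quoted in the message
# above (unwrapped); the address in the filter is a placeholder.
SAMPLE = """\
(633)     redundant {
(633)       ldap_personel: Performing search in "cn=personel,dc=etu" with filter "(&(email=user@example.org)(objectClass=kPerson))", scope "sub"
(633)       ldap_personel: Search returned no results
(633)       [ldap_personel] = notfound
(633)     } # redundant = notfound
"""

REQ = r'^\((\d+)\)\s+'   # request id prefix; rlm_ldap pool lines lack it
OPEN = re.compile(REQ + r'redundant \{')
CLOSE = re.compile(REQ + r'\} # redundant = (\w+)')
MODULE = re.compile(REQ + r'\[(\S+)\] = (\w+)')
SEARCH = re.compile(REQ + r'(\S+): Performing search in "([^"]*)" with filter "(.*)", scope')
EMPTY = re.compile(REQ + r'(\S+): Search returned no results')

def summarize(log):
    """Per request id: modules run inside redundant {}, searches, block rcode."""
    reqs, inside = {}, set()
    for line in log.splitlines():
        if m := OPEN.match(line):
            inside.add(m.group(1))
            reqs[m.group(1)] = {'modules': [], 'searches': [], 'empty': [], 'block': None}
        elif (m := CLOSE.match(line)) and m.group(1) in inside:
            inside.discard(m.group(1))
            reqs[m.group(1)]['block'] = m.group(2)
        elif (m := MODULE.match(line)) and m.group(1) in inside:
            reqs[m.group(1)]['modules'].append((m.group(2), m.group(3)))
        elif (m := SEARCH.match(line)) and m.group(1) in inside:
            reqs[m.group(1)]['searches'].append(m.groups()[1:])
        elif (m := EMPTY.match(line)) and m.group(1) in inside:
            reqs[m.group(1)]['empty'].append(m.group(2))
    return reqs

def diagnose(req):
    """Say whether the block failed over or simply reported an empty lookup."""
    rcodes = [rc for _, rc in req['modules']]
    if 'fail' in rcodes[:-1]:
        return 'failover: an earlier module failed and a later one was tried'
    if req['block'] == 'notfound' and req['empty']:
        return 'no failover: ' + ', '.join(req['empty']) + ' answered, search matched no entry'
    return 'block result: ' + str(req['block'])

if __name__ == '__main__':
    for rid, req in summarize(SAMPLE).items():
        print(rid, diagnose(req), req['searches'])
```

The base DN and filter printed for each request are the values to compare against the directory when the result is notfound.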