"redundant" block works in "default" virtual server, but does not work in "inner-tunnel".

Jorge Pereira jpereira at freeradius.org
Thu Mar 3 17:00:51 UTC 2022


Well… based on that log output.

> (633)           group {
> (633)             redundant {
> rlm_ldap (ldap_personel): Closing connection (10): Hit idle_timeout, was
> idle for 53546 seconds
> rlm_ldap (ldap_personel): Closing connection (12): Hit idle_timeout, was
> idle for 53529 seconds
> rlm_ldap (ldap_personel): Closing connection (11): Hit idle_timeout, was
> idle for 53522 seconds
> rlm_ldap (ldap_personel): You probably need to lower "min"
> rlm_ldap (ldap_personel): Closing connection (13): Hit idle_timeout, was
> idle for 53521 seconds
> rlm_ldap (ldap_personel): You probably need to lower "min"
> rlm_ldap (ldap_personel): 0 of 0 connections in use.  You  may need to
> increase "spare"
> rlm_ldap (ldap_personel): Opening additional connection (14), 1 of 32
> pending slots used
> rlm_ldap (ldap_personel): Connecting to ldap://95.183.213.8:389
> rlm_ldap (ldap_personel): Waiting for bind result...
> rlm_ldap (ldap_personel): Bind successful
> rlm_ldap (ldap_personel): Reserved connection (14)
> (633) ldap_personel: EXPAND (&(email=%{User-Name})(objectClass=kPerson))
> (633) ldap_personel:    --> (&(email=ogr1 at erzurum.edu.tr
> )(objectClass=kPerson))
> (633) ldap_personel: Performing search in "cn=personel,dc=etu" with filter
> "(&(email=ogr1 at erzurum.edu.tr)(objectClass=kPerson))", scope "sub"
> (633) ldap_personel: Waiting for search result...
> (633) ldap_personel: Search returned no results
> rlm_ldap (ldap_personel): Released connection (14)
> Need 1 more connections to reach min connections (2)
> rlm_ldap (ldap_personel): Opening additional connection (15), 1 of 31
> pending slots used
> rlm_ldap (ldap_personel): Connecting to ldap://95.183.213.8:389
> rlm_ldap (ldap_personel): Waiting for bind result...
> rlm_ldap (ldap_personel): Bind successful
> (633)               [ldap_personel] = notfound
> (633)             } # redundant = notfound

The “redundant{}” is working as well. Therefore, your LDAP query is replying not found.


> (633)   Invalid user (Auth Source Reject: [ogr1 at erzurum.edu.tr] No matching
> user found in authentication source!): [ogr1 at erzurum.edu.tr] (from client
> rektorluk port 0 cli 3233fb9fb6d3 via TLS tunnel) Called-Station-ID:
> a8bd27c04dac Calling-Station-ID: 3233fb9fb6d3 Auth-Type:

Well, the “invalid user”, so…..

> 
> (633)       update outer.session-state {
> (633)         &Module-Failure-Message := &request:Module-Failure-Message ->
> 'Auth Source Reject: [ogr1 at erzurum.edu.tr] No matching user found in
> authentication source!'
> (633)       } # update outer.session-state = noop

> 
> Any idea why "redundant" behaves different in the inner-tunnel or what am I
> missing?
> 

Again, the “redundant{}” is working as well. Please, take a look again at the logs and you will see that the error messages are pretty clear: “No matching user found”.


—
Jorge Pereira

> Regards,
> 
> Rahman Duran
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Jorge Pereira
jpereira at networkradius.com
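
A triage helper for the kind of debug output quoted above, added here as an example (not code from the thread or from FreeRADIUS). It pairs each redundant{} result with the return codes of the modules inside it, relying on the documented unlang behaviour that redundant moves on to the next module only after a "fail"; the sample log is constructed, and the module names, base DN and user in it are placeholders.

```python
import re

# Constructed sample shaped like `radiusd -X` output; module names, base DN
# and user are placeholders, not values from the thread.
SAMPLE = """\
(7)             redundant {
(7) ldap_a: Performing search in "cn=staff,dc=example" with filter "(&(email=user@example.org)(objectClass=person))", scope "sub"
(7) ldap_a: Search returned no results
(7)               [ldap_a] = notfound
(7)             } # redundant = notfound
(8)             redundant {
(8)               [ldap_a] = fail
(8) ldap_b: Performing search in "cn=staff,dc=example" with filter "(&(email=user@example.org)(objectClass=person))", scope "sub"
(8)               [ldap_b] = ok
(8)             } # redundant = ok
"""

OPEN = re.compile(r'^\((\d+)\)\s+redundant \{')
CLOSE = re.compile(r'^\((\d+)\)\s+\} # redundant = (\w+)')
MODRC = re.compile(r'^\((\d+)\)\s+\[([^\]]+)\] = (\w+)')
SEARCH = re.compile(r'^\((\d+)\) \S+: Performing search in "([^"]*)" with filter "([^"]*)"')

def triage(log):
    """Summarise every redundant{} block in unwrapped debug output."""
    open_blocks, done = {}, []
    for raw in log.splitlines():
        line = re.sub(r'^(?:>\s?)+', '', raw)  # tolerate e-mail quoting
        if m := OPEN.match(line):
            open_blocks[m[1]] = {"request": int(m[1]), "modules": [], "searches": []}
        elif (m := SEARCH.match(line)) and m[1] in open_blocks:
            open_blocks[m[1]]["searches"].append((m[2], m[3]))  # (base DN, filter)
        elif (m := MODRC.match(line)) and m[1] in open_blocks:
            open_blocks[m[1]]["modules"].append((m[2], m[3]))   # (module, rcode)
        elif (m := CLOSE.match(line)) and m[1] in open_blocks:
            blk = open_blocks.pop(m[1])
            blk["result"] = m[2]
            # Assumption (unlang docs): only "fail" makes redundant try the next module.
            blk["failed_over"] = [name for name, rc in blk["modules"] if rc == "fail"]
            blk["verdict"] = ("failover happened" if blk["failed_over"]
                              else "backend answered " + m[2] + "; check filter and base DN")
            done.append(blk)
    return done

if __name__ == "__main__":
    for blk in triage(SAMPLE):
        print(blk["request"], blk["modules"], "->", blk["result"], "|", blk["verdict"])
```

A block whose modules all answered without "fail" and whose result is "notfound" points at the search filter or base DN, not at redundant{}.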




