[EXT] Multiple LDAP servers best practice
Alan DeKok
aland at deployingradius.com
Wed Feb 15 21:52:32 UTC 2023
On Feb 15, 2023, at 4:42 PM, Tony Skalski <ajs at stolaf.edu> wrote:
>
> We do have "idle_timeout = 60" set, but also "lifetime = 0". Does "lifetime = 0" mean 0 seconds or infinite?
It means "infinite".
If a connection hits idle_timeout, it will be closed. This may cause it to temporarily have fewer than "min" connections open.
> And we are on the RH-approved 3.0.20.
Yeah, that's 3 years old. There have been many bugs fixed and features added since then.
RH was *very* energetic about upgrading everything to OpenSSL 3, even in an allegedly "stable" release. But for FreeRADIUS, they never upgrade.
I would very much recommend dropping the RH packages, and using the ones from http://packages.networkradius.com. Those packages are up to date, and contain all known fixes.
I don't know what the benefit is of staying with the RH packages. RH *will not* do bug fixes for you. They will only do security fixes, of which there are very few.
I'm sure RH is a nice company, but their history of "supporting" FreeRADIUS is largely limited to taking money, and telling people "we won't upgrade our packages to a newer version of the server".
Alan DeKok.