Pieter Droogendijk <[EMAIL PROTECTED]> wrote: > The solution we came up with, in the first place, was to disable the > password authentication. The new systems (which use freeradius) > however, should include authentication as well. But since the > overall timeout is only 6 seconds, and the LDAP gets some extreme > loads at certain times, we can't reach that.
Then I would suggest upgrading the machine running the LDAP server. The alternative, if the per-user LDAP configuration is *very* simple, is to write a 'cache' module, which will cache username/passwords, so that the LDAP server isn't hammered. > What I need is something in between the two solutions; REJECT if the > authorization takes longer then X seconds, ACCEPT if the password > authentication takes longer then Y seconds, Authentication is taking 2 seconds, against the LDAP server? There's GOT to be a better way... > or send an ACCEPT or REJECT according to succesful authorization and > authentication responses, where X+Y<6. That's a horrendously evil hack, and I would strongly advise against it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html