I'm currently using freeradius2-2.1.7-2.el5 on CentOS 5.2 for Cisco and L2TP VPN user authentication (via a Sonicwall firewall), using LDAP back to an AD environment, with the Windows built-in VPN client.

(For very specific details of that environment, see my post of Tue, Dec 1, 2009 at 6:31 PM.)

The Cisco environment works flawlessly. Every time I attempt to log in it works.

The Windows environment works, with one quirk: if no one has logged in for a while (~15-30 min), the next user gets:

Thu Jan 14 19:31:51 2010 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Jan 14 19:31:51 2010 : Info: rlm_ldap: Attempting reconnect
Thu Jan 14 19:31:51 2010 : Auth: Login OK: [user] (from client VPN port 0)

The end user reports that the first attempt to login fails, but the second succeeds. Further attempts will succeed until it's been a while since anyone logged in.

That's only true for VPN users; logging into a Cisco never causes the same issue - it works every time. Both servers refer to the same LDAP module.

I only have about 4 VPN users right now, so I'm thinking it's not a load problem. In some respects I'm thinking it's the reverse of a load problem - that once I have more users on the system there won't be a long period of time where no one has logged in, and so the problem will go away.

Thoughts? I'd like for the user to (barring network issues) be able to log on the first time, every time.

Thanks

Rick

