freerad...@corwyn.net wrote:
> The Windows environment works, with one quirk, if no one has logged in
> for a while (~15-30 min), the next user gets:
>
> Thu Jan 14 19:31:51 2010 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
> Thu Jan 14 19:31:51 2010 : Info: rlm_ldap: Attempting reconnect
> Thu Jan 14 19:31:51 2010 : Auth: Login OK: [user] (from client VPN port 0)

You can change the timeout on the LDAP server. Maybe the LDAP client libraries also support a "keepalive".

> The end user reports that the first attempt to login fails, but the
> second succeeds. Further attempts will succeed until it's been a while
> since anyone logged in.

If the first one fails, I would suspect it's because the ldap module times out trying to re-connect to the server. i.e. the "new connection" attempt takes 30-40 seconds. Go fix that.

> That's only true for VPN users, logging into a Cisco never causes the
> same issue - works every time. Both servers refer to the same ldap module.

<shrug> Run the server in debugging mode to see why. If you're getting tiny amounts of traffic, this shouldn't be a problem.

Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html