On 18.04.2012 14:36, Phil Mayers wrote:
On 18/04/12 13:16, Tobias Hachmer wrote:
Ok, I configure the same users, these are about 10-15 users, which
are stored in Active Directory, in the sql database. The sql database
should be used for authentication only if the ldap servers are not
available.

So the SQL server contains an "emergency" subset of the real users?
Yes, that's what I tried to explain.

So I just sniffed the network for packets and recognized that my
freeradius machine sends out a lot of arp packets for the dns
server. Then I added the ldap server to the hosts file and now the
net_timeout = 1 seems to work. The timeouts now are ok and the first
radius-request is answered in time.

Ok, that's good to know.

This is sort of what I mean when I refer to libldap having an API
that is sub-optimal in some cases; the net_timeout should really apply
to an entire connection attempt, not just the connect() or read()
calls.

It's hard to know what FreeRADIUS can do about this; maybe there is
scope for some kind of long-lived helper process that pools and polls
the LDAP servers, pro-actively detecting failures. But it seems a
complex solution.

I worried about this, so I asked for any other opportunities.

Tobias Hachmer

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
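
Added example, not part of the thread and not FreeRADIUS or libldap code: a Python reachability probe in which name resolution and the TCP connect share one deadline, the behaviour the message above says net_timeout does not give. The names `probe` and `slow_resolver` are hypothetical, and `slow_resolver` is a constructed stand-in for a DNS server that does not answer.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

_POOL = ThreadPoolExecutor(max_workers=4)

def probe(host, port, deadline_s, resolver=socket.getaddrinfo):
    """Return (ok, reason). Lookup and connect are charged to one deadline."""
    start = time.monotonic()
    # getaddrinfo() takes no timeout, so run it in a worker and stop waiting
    # once the deadline passes (the worker finishes in the background).
    fut = _POOL.submit(resolver, host, port, 0, socket.SOCK_STREAM)
    try:
        addrs = fut.result(timeout=deadline_s)
    except FutureTimeout:
        return False, "resolve timeout"
    except OSError as exc:
        return False, f"resolve error: {exc}"
    for family, stype, proto, _canon, sockaddr in addrs:
        remaining = deadline_s - (time.monotonic() - start)
        if remaining <= 0:
            return False, "deadline exceeded"
        sock = socket.socket(family, stype, proto)
        sock.settimeout(remaining)  # connect only gets what the lookup left over
        try:
            sock.connect(sockaddr)
            return True, "connected"
        except OSError:
            continue  # try the next address, still under the same deadline
        finally:
            sock.close()
    return False, "connect failed"

def slow_resolver(*args):
    """Constructed stand-in: a lookup that hangs for 2 seconds before answering."""
    time.sleep(2)
    return socket.getaddrinfo(*args)
```

A helper process of the kind suggested in the message could run such a probe periodically against each LDAP server and mark a server down before a RADIUS request has to wait on it.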
