Matt Ashfield wrote:
> Our radius server talks to our LDAP server through a firewall.

Don't do that. It's wrong. It breaks the network, as you're discovering.

> I'm wondering
> if this has to do with the session lifetime setting on the firewall?
> there are no authentications taking place (we're in testing mode, and it was
> at least 2-3 hours between client authentications), then I guess this
> connection/session could be timed out by the firewall?
> I just want to know if that makes sense before approaching the firewall guys
> and asking to increase the timeout.

Don't. Put the RADIUS server on the same segment as the LDAP server.
If the security people don't like that, explain that the other choice
is to have the connection to LDAP go down... and then no one can use the

Why anyone thinks it's a good idea to put a firewall between two
servers that need a reliable connection is beyond me.

http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog