Daniel Davidson <dani...@igb.uiuc.edu> wrote:
>
> My new wireless network tested great, but now that I have rolled it out
> to the entire building, I get error messages like:
>
> Mon May 2 15:15:06 2011 : Error: rlm_ldap: ldap_search() failed: Timed
> out while waiting for server to respond. Please increase the timeout.
>
> And when these trigger, nearly everyone gets disconnected for about 5
> seconds. Possible relevant code from ldap module:
>
> ldap {
>     #private stuff     <-- BUT CRUCIAL!
>     ldap_connections_number = 15
>     timeout = 10
>     timelimit = 10
>     net_timeout = 5
> }
>
> The only existing firewalls are on the machines themselves and the ip
> range of the servers are open with each other. Any ideas?
>

I am guessing your LDAP server is *way* too slow when processing the
queries you are making it munch through.

Typical 'first-timer' mistakes are that you are not indexing the
important attributes. For example our filter looks like:

filter = "(&(objectClass=Person)(|(businessCategory=staff)(businessCategory=student)(cn=avg*))(|(!(loginDisabled=*))(loginDisabled=FALSE))(cn=%{Stripped-User-Name}))"

This takes ~0.02s to respond for us, how long does it take to process
the query at your end (test with the following and remember to test the
server when it is under load, which is probably why it worked before you
widely deployed it):
----
time ldapsearch -h ldap-server.example.com -x -LLL '<query>'
----

Where <query> is what you see FreeRADIUS make in the output of
'radiusd -X'.

Cheers

--
Alexander Clouter
.sigmonster says: "Out of register space (ugh)"
                   -- vi

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
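
The indexing advice above, as an added example that is not part of the original post or of FreeRADIUS: this Python sketch parses the filter quoted in the reply and lists, for each attribute, the match types the query uses, which is what determines the indexes the directory needs. The function names are hypothetical, and mapping match types to index names (for instance eq, pres and sub in OpenLDAP) depends on your server.

```python
import re
from collections import defaultdict

# Filter quoted in the post; %{Stripped-User-Name} is FreeRADIUS's unexpanded placeholder.
FILTER = ("(&(objectClass=Person)"
          "(|(businessCategory=staff)(businessCategory=student)(cn=avg*))"
          "(|(!(loginDisabled=*))(loginDisabled=FALSE))"
          "(cn=%{Stripped-User-Name}))")

# A leaf item is attr, operator, value; values never contain parentheses.
LEAF = re.compile(r"([A-Za-z][\w;.-]*)(~=|>=|<=|=)([^()]*)$")

def match_kind(op, value):
    """Classify one filter item by the kind of match the server must perform."""
    if op == "~=":
        return "approx"
    if op in (">=", "<="):
        return "ordering"
    if value == "*":
        return "presence"
    return "substring" if "*" in value else "equality"

def parse(f, pos, out):
    """Parse one parenthesised filter starting at f[pos]; return the offset after it."""
    if pos >= len(f) or f[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if pos < len(f) and f[pos] in "&|!":      # composite: and / or / not
        pos += 1
        if pos >= len(f) or f[pos] != "(":
            raise ValueError(f"operator without operands at offset {pos}")
        while pos < len(f) and f[pos] == "(":
            pos = parse(f, pos, out)
    else:                                     # leaf: attr=value
        end = f.find(")", pos)
        m = LEAF.match(f[pos:end]) if end != -1 else None
        if not m:
            raise ValueError(f"malformed item at offset {pos}")
        out[m.group(1).lower()].add(match_kind(m.group(2), m.group(3)))
        pos = end
    if pos >= len(f) or f[pos] != ")":
        raise ValueError(f"expected ')' at offset {pos}")
    return pos + 1

def index_requirements(filter_str):
    """Return {attribute: sorted match kinds} for every item in the filter."""
    out = defaultdict(set)
    if parse(filter_str, 0, out) != len(filter_str):
        raise ValueError("trailing data after filter")
    return {attr: sorted(kinds) for attr, kinds in out.items()}

if __name__ == "__main__":
    for attr, kinds in index_requirements(FILTER).items():
        print(f"{attr}: {', '.join(kinds)}")
```

Run it on the filter that 'radiusd -X' shows for your own configuration and compare the result with the indexes actually defined on the directory.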