On 04/29/2013 11:03 PM, FreeRadius List wrote:
> Thank you I'll check with the samba people and get a better
> understanding of how ntlm_auth works.

(Sorry for the late reply)
The short version here is: badly.
ntlm_auth talks to winbind. Winbind maintains a single long-lived
connection to a single AD controller.
It can take anything up to 60 seconds for winbind to realise this
connection has gone down, during which time all ntlm_auth will hang or
fail. This has caused us problems on a number of occasions.
So in fact, your approach is interesting to me; have you tested it e.g.
by using iptables/ipfw to block access to an AD controller and seeing if
it fails over?