On 06/05/2013 14:40, John Douglass wrote:
ntlm_auth talks to winbind. Winbind maintains a single long-lived
connection to a single AD controller.
It can take anything up to 60 seconds for winbind to realise this
connection has gone down, during which time all ntlm_auth will hang or
fail. This has caused us problems on a number of occasions.
So in fact, your approach is interesting to me; have you tested it
e.g. by using iptables/ipfw to block access to an AD controller and
seeing if it fails over?
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
I wrote a script that does an eapol_test every minute. If it fails, it
immediately tries twice more. If THAT fails, then I restart winbind,
restart radius, and things continue on their happy way.
That'll work too, although I wonder why you're not just calling ntlm_auth?
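The watchdog procedure described in the thread (probe, two immediate retries, then restart winbind followed by RADIUS), written out as an added example; it is not the poster's script. The config path, secret, service names and the function names are assumptions, and `probe` can be replaced with a direct `ntlm_auth` call as the last reply suggests.

```shell
#!/bin/sh
# Added example: one watchdog cycle, intended to be run from cron every minute.
# Paths, the shared secret and service names below are placeholders.

# A hung winbind can stall authentication for up to a minute, so each probe
# gets a hard time limit; 3 attempts x 15 s still fit inside the cron interval.
PROBE_TIMEOUT=${PROBE_TIMEOUT:-15}
RETRIES=${RETRIES:-2}   # immediate retries after the first failure

# One end-to-end authentication probe against the local RADIUS server.
probe() {
    timeout "$PROBE_TIMEOUT" eapol_test -c /path/to/eapol_test.conf \
        -a 127.0.0.1 -s PLACEHOLDER_SECRET >/dev/null 2>&1
}

# Recovery steps in the order given in the thread (service names assumed).
restart_winbind() { service winbind restart; }
restart_radius()  { service radiusd restart; }

# Returns 0 as soon as one attempt succeeds, 1 after 1 + RETRIES failures.
# ATTEMPTS holds the number of probes actually made.
probe_with_retries() {
    ATTEMPTS=0
    while [ "$ATTEMPTS" -le "$RETRIES" ]; do
        ATTEMPTS=$((ATTEMPTS + 1))
        probe && return 0
    done
    return 1
}

# Returns 0 if healthy, 1 if services were restarted, 2 if a restart failed.
watchdog_once() {
    if probe_with_retries; then
        return 0
    fi
    # Leave a trace so repeated restarts show up in syslog.
    logger -t radius-watchdog "auth probe failed $ATTEMPTS times; restarting" \
        2>/dev/null || true
    restart_winbind && restart_radius || return 2
    return 1
}

# Only act when invoked as "script run", so the functions can be sourced safely.
if [ "${1:-}" = "run" ]; then
    watchdog_once
fi
```

Counting the `radius-watchdog` syslog entries over time shows how often the single winbind connection is actually the failure point.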