Hi Alan,
Thanks for your information.
Regards,
Nikitha
On 2/17/07, Alan DeKok [EMAIL PROTECTED] wrote:
> nikitha wrote:
> > When the request comes to the radius server, it goes one entry by entry
> > in users file, i.e., it connects to ldap-server-1 with the Ldap-Group
> > tries from g1 till g20, and then connects to ldap-server-2 with
> > Ldap-Group from g21 till g50. If the user is part of Ldap-group g50
> > it takes more time to return success, before itself the request times
> > out, and received eap start again from wireless client.
>
> Yes. The LDAP query results aren't cached.
>
> > If the number of DEFAULT entries for ldap-server-1 is less than 10, then
> > it works fine. If the default entry increases, the server takes more
> > time to process.
>
> Yes, the solution is to not configure so many queries that the server
> slows down.
>
> > I think redundant ldap server configuration is not correct or in some
> > other way we can fix it. Is it possible to configure the radius server in
> > such a way that, try ldap-server-1 for the first policy, if it's
> > reachable then check it against the next policy.
>
> For LDAP-Group checking, no.
>
> > If it's not reachable mark this server as dead or whatever and ignore
> > processing the next coming DEFAULT entries which matches with
> > ldap-server-1 and try to process ldap-server-2 entries.
>
> That may be possible with source code patches. i.e. If an LDAP server
> is marked dead, don't try to contact it for a few seconds. That would
> help your configuration a lot. But your configuration is an artificial
> one that highlights a problem.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
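
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS code: a small simulation of entry-by-entry Ldap-Group checks against two servers, with and without a "marked dead, don't contact for a few seconds" hold-down. The class and function names, the timing constants and the user `alice` are assumptions made for illustration.

```python
# Constructed simulation; all timings below are assumed values, not measurements.
CONNECT_TIMEOUT = 3.0   # seconds lost per attempt on an unreachable server
QUERY_COST = 0.05       # seconds per uncached group lookup on a reachable server
HOLD_DOWN = 5.0         # "don't try to contact it for a few seconds"


class LdapServer:
    def __init__(self, name, reachable, members):
        self.name = name
        self.reachable = reachable
        self.members = members      # {group name: set of users}
        self.dead_until = 0.0       # clock time before which the server is skipped


def authorize(user, entries, hold_down, now=0.0):
    """Walk (server, group) entries in order, like DEFAULT entries in users.

    hold_down=0 models the behaviour in the thread: every entry contacts its
    server again, even when the previous attempt has just timed out.
    Returns (matched group or None, elapsed seconds, entries skipped).
    """
    start, skipped = now, 0
    for server, group in entries:
        if hold_down and now < server.dead_until:
            skipped += 1            # marked dead: skip without waiting
            continue
        if not server.reachable:
            now += CONNECT_TIMEOUT  # pay the timeout, then mark the server dead
            server.dead_until = now + hold_down
            continue
        now += QUERY_COST           # no cache: one LDAP query per entry
        if user in server.members.get(group, ()):
            return group, round(now - start, 2), skipped
    return None, round(now - start, 2), skipped


def build_entries(server1_up):
    """g1..g20 on ldap-server-1, g21..g50 on ldap-server-2, as in the thread."""
    s1 = LdapServer("ldap-server-1", server1_up, {})
    s2 = LdapServer("ldap-server-2", True, {"g50": {"alice"}})
    return ([(s1, f"g{i}") for i in range(1, 21)]
            + [(s2, f"g{i}") for i in range(21, 51)])


if __name__ == "__main__":
    print(authorize("alice", build_entries(False), hold_down=0))
    print(authorize("alice", build_entries(False), hold_down=HOLD_DOWN))
    print(authorize("alice", build_entries(True), hold_down=0))
```

The hold-down only removes the repeated timeouts against an unreachable server; with both servers up, a member of g50 still costs 50 uncached queries, which is the part that only fewer entries can fix.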