Hello Brian,
thanks a lot for the feedback and reporting your experiences!
Kind regards
Cornelius

On Wednesday, 10.08.2016, 14:00 -0700, BrianP wrote:
Hello Cornelius,
Everything is OK now.
In fact, there was no problem.
Connections via the API were always OK, with one or 2 LDAP servers.
The problem in my case was the response time.
With a single LDAP server, the response times are very long (sometimes
30s).
My tests with radtest all failed because radtest does not wait for the
response.
I use PrivacyIdea with Openvpn + plugin radius
By increasing the response time in the radius plugin configuration,
everything works.
Sorry for the noise
Regards
On Tuesday, 9 August 2016 01:05:43 UTC+2, BrianP wrote:
Sorry if I am unclear.
I created one LDAP resolver with 2 LDAP URIs, like the doc:
http://privacyidea.readthedocs.io/en/latest/configuration/useridresolvers.html?highlight=ldap
If I understand the doc, this configuration creates an LDAP pool
with round robin strategy.
I will test with debug mode and send more information.
Thanks
On Tuesday, 9 August 2016 00:37:52 UTC+2, Cornelius Kölbel wrote:
You are also unclear.
It sounds like you are using ONE resolver with two LDAP servers
specified.
Not multiple resolvers?
Please improve your request.
On Monday, 08.08.2016, 15:22 -0700, BrianP wrote:
> Hello,
> I try to configure privacyidea with several ldap resolvers.
>
> So my configuration is:
> ldap://ldap.server1, ldap://ldap.server2
>
> The resolver test is OK.
>
> I manage to connect with radius server without problem with both ldap
> server Up and running.
>
> But if I stop the first ldap server (ldap://ldap.server1), all my
> radius connections fail.
>
> My server logs are:
> rlm_perl: privacyIDEA Access Granted
> rlm_perl: return RLM_MODULE_OK
> rlm_perl: Added peer NAS-IP-Address = X.X.X.X
> rlm_perl: Added peer Password = User-pin + otp
> rlm_perl: par Added User-Name = user1
> rlm_perl: Added par Message-Authenticator = 0x5d30dd28f37b8a45f34cf3a93472db58
> rlm_perl: Added peer NAS-Port = 0
> rlm_perl: ERROR: Failed to create peer-Serial privacyIDEA = OATH0000D202
> rlm_perl: Added par Reply-Message = privacyIDEA Access Granted
> rlm_perl: Added together Auth-Type = Perl
> ++ [Perl] returns ok
> WARNING: Empty post-auth section. Using default return values.
> Sending Access-Accept id of 53 to X.X.X.X 53768 Port
> Reply-Message = "privacyIDEA Access Granted"
> Finished 0 request.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host X.X.X.X 53768 port, id = 53, length = 94
> Sending duplicate reply to customer cerbere 53768 Port - ID: 53
> Sending Access-Accept id of 53 to X.X.X.X 53768 Port
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host X.X.X.X 53768 port, id = 53, length = 94
> Sending duplicate reply to customer cerbere 53768 Port - ID: 53
> Sending Access-Accept id of 53 to X.X.X.X 53768 Port
> Waking up in 4.9 seconds.
> Cleaning up request with timestamp 53 0 ID 601
> Ready to process requests.
>
> And client side with the command radtest:
> 0) No reply from server socket 53 for ID 3
>
> Do you have any idea about this pb?
>
> Many thanks
> Brian
> --
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> which suits your needs for SECURITY, AVAILABILITY and LIABILITY:
> https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> Visit this group at https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/e89942d0-f883-4238-9fff-b6b82238df0d%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Managing Director: Cornelius Kölbel
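
An added example, not part of the original thread: a small parser that spots the symptom discussed above, where the server grants access but the client has already timed out and keeps retransmitting. The sample lines are constructed in FreeRADIUS 2.x debug format, modelled on the log quoted in the thread; the function names are hypothetical.

```python
import re

# Constructed sample (FreeRADIUS 2.x "radiusd -X" style), not a real capture.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.0.2.10 port 53768, id=53, length=94
rlm_perl: privacyIDEA Access Granted
Sending Access-Accept of id 53 to 192.0.2.10 port 53768
rad_recv: Access-Request packet from host 192.0.2.10 port 53768, id=53, length=94
Sending duplicate reply to client cerbere port 53768 - ID: 53
Sending Access-Accept of id 53 to 192.0.2.10 port 53768
rad_recv: Access-Request packet from host 192.0.2.10 port 53768, id=53, length=94
Sending duplicate reply to client cerbere port 53768 - ID: 53
Sending Access-Accept of id 53 to 192.0.2.10 port 53768
rad_recv: Access-Request packet from host 192.0.2.11 port 40112, id=7, length=90
Sending Access-Accept of id 7 to 192.0.2.11 port 40112
"""

RECV = re.compile(r"rad_recv: Access-Request packet from host (\S+) port (\d+), id=(\d+)")
DUP = re.compile(r"Sending duplicate reply to client \S+ port (\d+) - ID: (\d+)")
REPLY = re.compile(r"Sending (Access-Accept|Access-Reject) of id (\d+) to \S+ port (\d+)")


def summarize(log):
    """Per (source port, RADIUS id): requests seen, duplicate replies, last verdict."""
    stats = {}

    def entry(port, rid):
        return stats.setdefault(
            (int(port), int(rid)),
            {"host": None, "requests": 0, "duplicates": 0, "verdict": None})

    for line in log.splitlines():
        if m := RECV.search(line):
            e = entry(m.group(2), m.group(3))
            e["host"] = m.group(1)
            e["requests"] += 1
        elif m := DUP.search(line):
            entry(m.group(1), m.group(2))["duplicates"] += 1
        elif m := REPLY.search(line):
            entry(m.group(3), m.group(2))["verdict"] = m.group(1)
    return stats


def late_replies(log):
    """Requests the server answered although the client retransmitted anyway,
    i.e. the reply reached the client too late or not at all."""
    return sorted(k for k, e in summarize(log).items()
                  if e["duplicates"] > 0 and e["verdict"] is not None)
```

A non-empty result from `late_replies` on a server that logs "Access Granted" points at the client-side timeout rather than at the authentication backend.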