Chapter 13
Pop quiz – troubleshooting
- On Debian and Ubuntu the FreeRADIUS server binary is called
freeradiusinstead ofradiusdwhen you install the standard FreeRADIUS package. - You can create named instances of the
ldapmodule that will use the slower servers. Then you can replace theldapentry in theauthorizesection with a redundant section that lists the module using the fast LDAP server first and thereafterldapmodule instances using the slower ones.#ldap redundant { ldap ldap.slow1 ldap.slow2 }If you use the 'bind as' authentication method for LDAP you also need to change the
Auth-TypeLDAP in the authenticate section to the following:Auth-Type LDAP { redundant { ldap ldap.slow1 ldap.slow2 } } - The supplicant on Bob's machine is probably designed badly. While his password was changed on the backend, his supplicant kept on attempting to connect by sending the previous password. The backend detected a potential intrusion...
