On Tue, 2003-04-01 at 08:03, Maarten Buiter wrote:
> However, when I turn off the first LDAP server's computer, TCP/IP
> is no longer able to deny an attempt to make a connection to the LDAP port,
> and I suspect the pam_ldap module (on a random client PC) to start waiting
> for ages before it eventually moves to the second server (it does move,
> but really, it takes very long, and I suspect these delays to accumulate).
Is the first ldap server on the other side of a router from the
clients? As soon as your arp cache for the IP address times out you
should get a quick failure when you attempt to contact a host that is
down. Individual hosts typically have fast timeout on their arp cache
but routers might keep a dead entry for 20 minutes. If it is a Cisco
you can use the command 'clear arp' to make it realize the address
is unreachable.
---
Les Mikesell
les@xxxxxxxxxxxxxxxx
_______________________________________________
Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list
