Robust Authentication Proxying
Ivan Kalik
tnt at kalik.net
Sat Jul 11 19:14:08 CEST 2009
> I'm not using RADIUS as a backend for ISP gear. I am using a RADIUS
> proxy to serve requests for service software, and when false failures
> come back, customers get error boxes in their software and contact our
> support angry that our authentications are returning transient
> errors. Furthermore, I consider it bad public face to return errors
> to customers when they should not get them. Yes, customers can always
> retry, but we can also retry for them when know the reason is not due
> to invalid information.
I think that you are going about it the wrong way. You wont proxy to
pretend that home server has not gone down. How about this - instead of a
group of stand-alone load-balanced home servers create a (true) high
availability cluster. If your home server is always available this issue
doesn't come up. And your customer always gets a response.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list