Alan- any luck deciphering the problem I had with PEAP on 2.1.8 vs 2.1.4?

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Feb 18 22:16:37 CET 2010


Hi,

> Just checking in on this, I have plenty of patience. I just don't want to
> find myself in a situation down the road where a currently-unknown security
> issue or bug in 2.1.4 forces an upgrade, since our current configuration
> doesn't seem to work with 2.1.8...

what are you proxying the inner details to the IAS box as - are you using the
default configuration or have you turned off the tunnel-type eg

proxy_tunneled_request_as_eap = no


?

PS regarding the proxy status - so long as you choose the username/password
in that configuration that you IAS box knows (and rejects) then you should
know pretty quickly when/of the server is up. the default timers do need some
good tweaks in terms of failover... when balance method are you using for the 2 servers
in your pool?

the default timers are something like 2 minutes to bring back to life,
a 30 second interval between status checks (ping/request) and zombie timer
of 40 seconds...these might be wildly too large for your requirements.

alan



More information about the Freeradius-Users mailing list