Zombie Clarification
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Sat Mar 24 14:13:59 CET 2012
Hi,
there was never any more on this thread, so just to add some final info
> > Now, for whatever reason, the Windows box decides to discard some
> > requests. Unfortunately, the error reporting is pretty weak
> > ("discarding invalid request"). Our Windows guys are digging into
> > this. It seems to be client specific, we suspect something with our
> > recently changed certificate.
>
> I don't see how. Normal RADIUS doesn't use certificates.
>
> And if your home server *randomly* discards requests, then your
> priority should be to fix that. No amount of poking FreeRADIUS will
> make the home server magically work. No amount of poking FreeRADIUS
> will work around the fact that the home server is broken.
Microsoft decided, in their wisdom, to just discard packets that arent right.
this affects IAS and NPS. if your policy says, for example,
NAS-Port-Type = Wireless-802.11
an the packet doesnt have that attribute...or its not Wireless-802.11..then the packet
is just silently dropped. the RADIUS proxies throughout the proxy chain then
think the server is dead.... status-server kicks in.... oh, guess what. they dont support
that, so it stays marked dead. the remote proxies might be lucky...as their
status-server will be answered by the proxy above them...which, if its FreeRADIUS
or RADIATOR *will* respond in some way to show they are alive.
IAS and NPS are a mess with proxied RADIUS - especially when there are policies
involved.
alan
More information about the Freeradius-Users
mailing list