intermittent auth issue (proxy: request is no longer in proxy hash)

Chris Knipe savage at savage.za.org
Thu Jul 3 14:58:19 CEST 2014


On Thu, Jul 3, 2014 at 2:11 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Chris Knipe wrote:
>> For some reason, the response received does not make it through
>> post_proxy.  From what I can gather in the logs, FR complains:
>>
>> Thu Jul  3 11:55:49 2014 : Debug: (216) proxy: request is no longer in
>> proxy hash
>
>   That's the issue.  The original request has timed out, and has been
> removed from the list of outstanding proxied packets.

Ok.  So what is the value of the timeout? Is it configurable, and if
not, can we get a option to configure the timeout value? I don't see
anything in proxy.conf, so my apologies if I missed this.  All the
requests also generally come back to me at the same time (as posted
previously in the logs).  Why is post_proxy then executed for one
request, but not the other?  They arrive back at FR at the same time,
baring a few us...

If you read the two responses posted to the packets, you will also see
that both responses gave the proxy hash error, yet the one is still
passed through post_proxy, and the other is not..

Unfortunately, again, the speed of light is a constant.  I *cannot*
process a proxied packet faster than what it takes to transmit the
packet half way around the world - I get my responses generally sub
250ms.

With all due respect Alan, and I say this with the UTMOST respect,
Freeradius is being anal about timeouts, IF, this is indeed a timeout
issue.  The fact that the first response is sent through post_proxy,
and the other responses received virtually at the same time is not...
Well, yes.


-- 

Regards,
Chris Knipe


More information about the Freeradius-Users mailing list