About proxy mode, when all home servers are dead

regulus regulus lai_leo at hotmail.com
Thu Mar 6 08:41:39 CET 2014 

Hi Alan,
Not sure if I understood it the wrong way, I have set a Post-Proxy-Type Fail handler in a virtual server, and then include the virtual_server in home_server_pool, but I still get a Access-Reject after both home servers are dead.   I read the comments in proxy.conf again, it says "A virtual_server may be specified here.  If so, the "pre-proxy" and "post-proxy" sections are called when the request is proxied, and when a response is received."  Does it mean when there is no response from home server, it still cannot go into the Post-Proxy-Type Fail hander.. ?
server not_respond_post_proxy {        pre-proxy {        }        post-proxy {                Post-Proxy-Type Fail {                      do_not_respond                }        }}home_server_pool My_Pool_01{    type = fail-over    virtual_server = not_respond_post_proxy
    home_server = my_server_01    home_server = my_server_02}

And then I created another virtual server with authorize using do_not_respond policy, and set it to fallback in home_server_pool.  And it seems to start working (no access reject returned).  Do you think it is the correct way to do it, do I need to include the Post-Proxy-Type Fail handler as well?
server virtual.notrespond {  authorize {    do_not_respond  }}home_server virtual_not_respond {  virtual_server = virtual.notrespond}home_server_pool My_Pool_01{    type = fail-over    home_server = my_server_01    home_server = my_server_02    fallback = virtual_not_respond}


Thanks a lot!Regards,Leo

> Date: Wed, 5 Mar 2014 10:38:41 +0000
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: About proxy mode, when all home servers are dead
> 
> regulus regulus wrote:
> > I have a FreeRADIUS 2.2.3 run in proxy mode to 2 home RADIUS servers in
> > failover mode.  The problem I face now is that when both home RADIUS
> > servers are dead, FreeRADIUS will send a reject to NAS
> 
>   Yes.
> 
> > When NAS receive a reject, it won't failover to another redundant
> > RADIUS.  Is there a way to configure FreeRADIUS such that it will not
> > send another response back to NAS when all home RADIUS are dead?
> > I have been studying the "do_not_respond" policy, but not sure how to
> > use it in this case..
> 
>   Set it in the Post-Proxy-Type Fail handler:
> 
> 	Post-Proxy-Type Fail {
> 		do_not_respond
> 	}
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140306/4db15948/attachment-0001.html>

More information about the Freeradius-Users mailing list