Return no answer to the client if proxied access request times out
Alan DeKok
aland at deployingradius.com
Wed Jan 16 13:45:07 CET 2019
On Jan 16, 2019, at 3:37 AM, Gianni Costanzi <gianni.costanzi at gmail.com> wrote:
> we're running Freeradius 3.0.13 (the most recent version available for
> our production environment running RedHat Enterprise 7.5)
There are updated packages on http://packages.networkradius.com
You can also build your own packages.
I've never understood the attitude of "we're going to run software that's years out of date because that's what our vendor supplies". The vendor is there to make *you* happy. If the software they supply is out of date, complain. Or switch vendors. Or build your own.
> we did not configure no_response_fail parameter, so if I've understood
> well from the docs, Freeradius should not reply to the Access-Request
> of the client NAS if the proxied access request times out, right?
That was removed a long time ago.
There's another way to do it now. Instead of a config option, do:
Post-Proxy-Type Fail {
do_not_respond
}
That should fix it. It's also a more generic process. It works in more places, requires less C code, and is more configurable on your end.
> What I see is an Access-Reject from Freeradius server after the
> response_window expires, why?
>
> What am I missing?
The config still showed no_response_fail, when the code was removed from the server a long time ago. I've updated the current configuration to remove the references to no_response_fail.
Alan DeKok.
More information about the Freeradius-Users
mailing list