Can I gracefully handle radius requests if all home servers are down?

Peter Lambrechtsen peter at crypt.nz
Sat Jun 8 04:14:20 CEST 2019


At my previous job I cached all access-accepts in a local database as part
of the post-proxy including any custom VSAs the home server sent and
encrypted the password.

Then when the home server went down the failover server kicked in and
the end users were still able to auth and kept on working.

Then I had aggressive timeouts of 2 seconds and then a backoff of 2 mins to
make sure the home server was back alive.

The only gotcha was to make sure that the destination server either
supported Status Messages so I can use those for keepalive or they provided
a static username & password to test when the server came back online.

Worked well in FR3 3.0.16/7 as I found a few minor bugs in the proxying
code in 3.0.14.

It's all documented in the proxy and realms config.

On Sat, Jun 8, 2019 at 6:06 AM work vlpl <thework.vlpl at gmail.com> wrote:

> I figured out that I can use the `fallback` option in the `home_server_pool`
> section, and point it to a virtual server in which I can process
> requests as I want.
> But this approach works only for radius requests that arrived
> after the proxy FreeRadius decided that all home servers are dead and
> started using fallback. So this approach solves one half of my problem.
>
> I am still looking for a way to process radius requests if home
> servers are not responding, but the FreeRadius server thinks that it's
> alive.
> --
> Valdimir
>
>
> On Fri, 7 Jun 2019 at 23:10, work vlpl <thework.vlpl at gmail.com> wrote:
> >
> > Hello,
> >
> > Is it possible to detect that home server is not available and
> > gracefully process radius request locally?
> > ...
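
The proxy settings discussed in this message, sketched as a proxy.conf fragment for FreeRADIUS 3.0.x. This is an added example, not the poster's configuration: every name, address and secret, and the `cached_auth` virtual server, is a placeholder, and mapping the 2-second timeout and 2-minute backoff onto `response_window` and `revive_interval` is an assumption.

```conf
# proxy.conf fragment (FreeRADIUS 3.0.x).
# All names, addresses and secrets are constructed placeholders.

home_server primary_auth {
	type = auth
	ipaddr = 192.0.2.10
	port = 1812
	secret = CHANGE_ME

	# No reply within 2 seconds: start treating the server as a zombie.
	response_window = 2
	# No reply to anything for this long while zombie: mark it dead.
	zombie_period = 40

	# Liveness probe when the home server supports Status-Server ...
	status_check = status-server
	# ... otherwise probe with a dedicated low-privilege test account:
	# status_check = request
	# username = "keepalive_probe"
	# password = "CHANGE_ME"

	check_interval = 30
	check_timeout = 4
	# Consecutive probe replies required before the server is alive again.
	num_answers_to_alive = 3

	# Only used when status_check = none: assume alive after 2 minutes.
	revive_interval = 120
}

# Placeholder home server that hands requests to a local virtual server
# (hypothetical name; it would hold the local/cached authentication policy).
home_server local_fallback {
	virtual_server = cached_auth
}

home_server_pool auth_pool {
	type = fail-over
	home_server = primary_auth
	# Used only once every home server in the pool is marked dead.
	fallback = local_fallback
}

realm example.org {
	auth_pool = auth_pool
}
```

The fallback takes effect only after the pool is marked dead, so the probe and timeout values decide how long requests keep going to an unresponsive home server. A store of cached Access-Accepts and passwords behind `cached_auth` needs the same access controls as the home server's own credential database.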

