<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hi Alan,<div><br></div><div>Not sure if I understood it the wrong way, I have set a Post-Proxy-Type Fail handler in a virtual server, and then include the virtual_server in home_server_pool, but I still get a Access-Reject after both home servers are dead. </div><div>I read the comments in proxy.conf again, it says "<span style="font-size: 12pt;">A virtual_server may be specified here. If so, the </span><span style="font-size: 12pt;">"pre-proxy" and "post-proxy" sections are called when </span><span style="font-size: 12pt;">the request is proxied, and when a response is received." Does it mean when there is no response from home server, it still cannot go into the Post-Proxy-Type Fail hander.. ?</span></div><div><span style="font-size: 12pt;"><br></span></div><div><div>server not_respond_post_proxy {</div><div> pre-proxy {</div><div> <span style="font-size: 12pt;"> }</span></div><div><span style="font-size: 12pt;"> post-proxy {</span></div><div> Post-Proxy-Type Fail {</div><div> do_not_respond</div><div> }</div><div> }</div></div><div>}</div><div><span style="font-size: 12pt;">home_server_pool My_Pool_01{</span></div><div><div> type = fail-over</div><div> virtual_server = not_respond_post_proxy</div><div><br></div><div> home_server = my_server_01</div><div> home_server = my_server_02</div><div><span style="font-size: 12pt;">}</span></div></div><div><br></div><div><br></div><div>And then I created another virtual server with authorize using do_not_respond policy, and set it to fallback in home_server_pool. And it seems to start working (no access reject returned). Do you think it is the correct way to do it, do I need to include the P<span style="font-size: 12pt;">ost-Proxy-Type Fail handler as well?</span></div><div><br></div><div><div>server virtual.notrespond {</div><div> authorize {</div><div> do_not_respond</div><div> }</div></div><div>}</div><div><div>home_server virtual_not_respond {</div><div> virtual_server = virtual.notrespond</div><div>}</div></div><div><div>home_server_pool My_Pool_01{</div><div> type = fail-over</div><div><span style="font-size: 12pt;"> home_server = my_server_01</span></div><div> home_server = my_server_02</div><div><span style="font-size: 12pt;"> fallback = </span>virtual_not_respond</div></div><div>}</div><div><br></div><div><br></div><div><br></div><div>Thanks a lot!</div><div>Regards,</div><div>Leo</div><div><br><br><div>> Date: Wed, 5 Mar 2014 10:38:41 +0000<br>> From: aland@deployingradius.com<br>> To: freeradius-users@lists.freeradius.org<br>> Subject: Re: About proxy mode, when all home servers are dead<br>> <br>> regulus regulus wrote:<br>> > I have a FreeRADIUS 2.2.3 run in proxy mode to 2 home RADIUS servers in<br>> > failover mode. The problem I face now is that when both home RADIUS<br>> > servers are dead, FreeRADIUS will send a reject to NAS<br>> <br>> Yes.<br>> <br>> > When NAS receive a reject, it won't failover to another redundant<br>> > RADIUS. Is there a way to configure FreeRADIUS such that it will not<br>> > send another response back to NAS when all home RADIUS are dead?<br>> > I have been studying the "do_not_respond" policy, but not sure how to<br>> > use it in this case..<br>> <br>> Set it in the Post-Proxy-Type Fail handler:<br>> <br>> Post-Proxy-Type Fail {<br>> do_not_respond<br>> }<br>> <br>> Alan DeKok.<br>> -<br>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br></div></div><div class="vimiumReset vimiumHUD" style="right: 150px; opacity: 0; display: none;"></div> </div></body>
</html>