Hello Alan, hello list,
any thoughts about OK_RC/REJECT_RC for failover authservers? It would be an easy fix - I just wanted to know if you share my opinion about when to failover to the next authserver...
Rgds,
Stefan
Hello,
configuring multiple authserver in freeradius client the client retries to authenticate a user to all authservers configured although REJECT_RC is returned. This means an unauthenticated user (wrong password, no access rights) gets retried on all other authservers:
line 117-119 (buildreq.c):
for (i=0; (i < aaaserver->max) && (result != OK_RC) && (result != BADRESP_RC)
; i++, now = rc_getctime())
{
This means that only if the result is OK (login succeeded) or the result is bogus (BADRESP_RC) the login is not retried. Is this the expected behaviour?
I'd expect a failover to the other authservers on return codes other than OK_RC or REJECT_RC - as those are the only real radius replies.
Could someone please also shed some light on the question:
Will radius_deadtime work for other requests than PW_ACCOUNTING_REQUEST, as start_time gets initialized only if request_type is PW_ACCOUNTING_REQUEST? I don't seem to get the meaning of the code here...
Rgds,
Stefan