We write all accounting to detail files, which is then picked up by detail listener(s) and proxied to remote hosts. Recently, one of the home servers in a load balanced pool was configured with the wrong secret, triggering this code in received_proxy_response(): if (rad_verify(packet, request->proxy, request->home_server->secret) != 0) { DEBUG("Ignoring spoofed proxy reply. Signature is invalid"); return NULL; } Since the proxy response is ignored and detail_send() is never called, the detail listener stays in STATE_RUNNING. detail_recv() short-circuits during STATE_RUNNING, so the failed request is never retransmitted and all detail processing for that listener halts until FreeRADIUS is restarted. When received_proxy_response() is modified to fall through (instead of returning NULL) for detail listeners, rad_accounting() overrides request->reply->code, setting it to PW_ACCOUNTING_RESPONSE. When detail_send() is called, there's no way for it to tell that the request hasn't been processed successfully. It skips the current detail entry and continues processing. Adding more state information to the request to inform rad_accounting()'s (or detail_send()'s) decision making seems kludgy. Maybe allow received_proxy_response() to override the handler function (pfun in proxy_socket_recv()) to avoid rad_accounting() in this case? Alan, any feedback on your desired way to do this? john -- John Morrissey _o /\ ---- __o jwm@horde.net _-< \_ / \ ---- < \, www.horde.net/ __(_)/_(_)________/ \_______(_) /_(_)__