20 Nov
2012
20 Nov
'12
10:42 a.m.
Phil Mayers wrote:
Ooh, really? What solution did you hit on?
Cache reply by "State". authorize { cached_reply ... } post-auth { ... cached_reply } It returns "handled" in the "authorize" section if it finds a matching State. On authorize it does: if (cache[request State]) { send cached reply attrs handled } On post-auth it does: cache[request State] = 0 cache[reply State] = reply attrs It should work, I think. So if you have an intermediate proxy fail, the RADIUS re-transmit won't hit. But this will catch the retransmitted packet, which has the same State as a previous reply. Alan DeKok.