On Fri, Dec 16, 2011 at 1:02 AM, Nathan M <locu.lists@gmail.com> wrote:
@Fajar - the intent in having them dropped is exactly that. I don't want the end-user trying to authenticate to fail authentication, I do want the NAS to retry. I just want to control how quickly it can retry from my end.
Have you actually tried that? Your "solution" may actually be worse than the original problem. In my system, when radius reponds too late, the NAS will either: - mark the radius server dead, OR - have ridiculously high load that it's unable to function correctly, due to the high number of ongoing authentication request. In either case, the user will have to reauthenticate anyway. This is usually not a problem, since most of my clients are ADSL with the modem doing automatic reauthentication as needed. That's why is better to respond as quickly as possible, without any delay. Even if the response is reject. -- Fajar