Jan Zacharias wrote:
Alan DeKok <aland@deployingradius.com> hat am 1. September 2010 um 15:46 geschrieben:
Yes. Any child script which takes that long is broken.
No, it can also be just someone pulling a network cord/routing changes etc.etc.
Let me be clear: RADIUS clients and servers expect responses within a short time frame, usually milliseconds. Asking clients to wait many seconds for a slow script on the server is *impossible*. Many clients will give up, and reject the user. i.e. the RADIUS client doesn't care *why* the script is taking too long. All it knows is that the user can't log in. Please explain to your users
- fork ntlm_auth - wait 1s for it to return - if it doesn't return, kill it - try to fork it again
Yeah sure, this was also my first idea, but i'm still limited to ten seconds then :(
So... set the "don't wait" flag on the executed program. See the documentation for the "exec" module, or the "Exec-Program" attribute.
This isn't a server problem, and changing the server isn't necessary.
Sure it's not a problem, but it would improve reliability and robustness.
No, it would not improve reliability and robustness. Adding more
This is not about finger pointing or so, I just want to help make freerad even better :)
Yes... but we try not to re-invent the wheel. If you can add a feature by writing a few lines of a shell script, there is little reason to update the server source with that feature. Alan DeKok.