freeradius-client | multiple authservers and REJECT_RC
Stefan Karss
stefan.karss at googlemail.com
Fri Apr 9 21:39:48 CEST 2010
Hello,
configuring multiple authserver in freeradius client the client retries to
authenticate a user to all authservers configured although REJECT_RC is
returned. This means an unauthenticated user (wrong password, no access
rights) gets retried on all other authservers:
line 117-119 (buildreq.c):
for (i=0; (i < aaaserver->max) && (result != OK_RC) && (result !=
BADRESP_RC)
; i++, now = rc_getctime())
{
This means that only if the result is OK (login succeeded) or the result is
bogus (BADRESP_RC) the login is not retried. Is this the expected behaviour?
I'd expect a failover to the other authservers on return codes other than
OK_RC or REJECT_RC - as those are the only real radius replies.
Could someone please also shed some light on the question:
Will radius_deadtime work for other requests than PW_ACCOUNTING_REQUEST, as
start_time gets initialized only if request_type is PW_ACCOUNTING_REQUEST? I
don't seem to get the meaning of the code here...
Rgds,
Stefan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20100409/fca7eb85/attachment.html>
More information about the Freeradius-Devel
mailing list