freeradius-client | multiple authservers and REJECT_RC

Stefan Karss stefan.karss at googlemail.com
Wed Apr 14 09:23:32 CEST 2010


Hello Alan, hello list,

any thoughts about OK_RC/REJECT_RC for failover authservers? It would be an
easy fix - I just wanted to know if you share my opinion about when to
failover to the next authserver...

Rgds,
Stefan

On Fri, Apr 9, 2010 at 9:39 PM, Stefan Karss <stefan.karss at googlemail.com>wrote:

> Hello,
>
> configuring multiple authserver in freeradius client the client retries to
> authenticate a user to all authservers configured although REJECT_RC is
> returned. This means an unauthenticated user (wrong password, no access
> rights) gets retried on all other authservers:
>
> line 117-119 (buildreq.c):
>
>         for (i=0; (i < aaaserver->max) && (result != OK_RC) && (result !=
> BADRESP_RC)
>             ; i++, now = rc_getctime())
>         {
>
> This means that only if the result is OK (login succeeded) or the result is
> bogus (BADRESP_RC) the login is not retried. Is this the expected behaviour?
>
> I'd expect a failover to the other authservers on return codes other than
> OK_RC or REJECT_RC - as those are the only real radius replies.
>
> Could someone please also shed some light on the question:
> Will radius_deadtime work for other requests than PW_ACCOUNTING_REQUEST, as
> start_time gets initialized only if request_type is PW_ACCOUNTING_REQUEST? I
> don't seem to get the meaning of the code here...
>
> Rgds,
> Stefan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20100414/0f5e9ae4/attachment.html>


More information about the Freeradius-Devel mailing list