Proxies "status-server" pings are broken when virtual server "status" is enabled
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Mon Jan 28 10:07:52 CET 2013
Hi,
> This comes from the fact that in the status virtual-server, the
> "Autz-Type status-server" stanza is defined. But in the current virtual
> server receiving the "ping" (eduroam) it's not defined,so it triggers an
> reject message.
well, enable it then.
> Well in the end it doesn't change much as the remote server will still
> mark the server alive after receiving 3 access-reject in response to his
> status-server.
correct
> But is this behaviour wanted ?
depends. on you. there is no point in having an access-accept (using username/password)
as thats a credential that could be leaked or stolen etc.... its actually just as good (and standard)
to have a reject response....the remote server/local server still know that each other are alive!
ideally, both servers handle status-server packets and a basic 'status ping' will work just as well.
alan
More information about the Freeradius-Devel
mailing list