Freeradius Proxy

Tharka Karunanayake tharkak at nvision.lk
Fri Jan 24 03:22:31 UTC 2025 

Dear Alan,

Thank you so much for the quick and on point response.

> Look at the logs on the home server.  I guarantee you that the logs will be FULL of messages complaining about unresponsive child / blocked in module / etc.

I will sure to look into this.

> If you're running a Perl script on the home server ... why?  The server doesn't need to run Perl.  The *only* reason to use a Perl script is to interact with some weird external API, and the only available libraries which support that are in Perl.

got it thanks. This radius server is something that has been developed 15 years ago by someone else and I was assigned to optimize it very recently. Currently it uses one Perl script to do everything and does not use modules. About 10% of the customers cannot get authenticate too. As a newbie I thought freeradius load balancer would resolve the problem. I will try for a solution and thanks again for pointing me in the right direction.

Thanks,
Tharka

Tharka Karunanayake

________________________________
From: Freeradius-Devel <freeradius-devel-bounces+tharkak=nvision.lk at lists.freeradius.org> on behalf of Alan DeKok <aland at deployingradius.com>
Sent: Thursday, January 23, 2025 5:22 PM
To: FreeRadius developers mailing list <freeradius-devel at lists.freeradius.org>
Subject: Re: Freeradius Proxy

On Jan 23, 2025, at 5:49 AM, Tharka Karunanayake <tharkak at nvision.lk> wrote:
> I have setup a freeradius proxy server and proxied my radius requests to two different freeradius servers. everything is working fine except for this error,
>
> Thu Jan 23 16:01:08 2025 : Proxy: Marking home server 3.147.84.26 port 1813 as zombie (it has not responded in 30.000000 seconds).

  That's pretty clear.

> My two servers are keep getting zombie and alive. But all the requests getting back to my two servers. How to resolve this issue?

  No.  The replies aren't making it back.  The home server is either going down, or is being very very slow for 30+ seconds at a time.

> These are the things I have tried so far,
>
> 1. add a custom radius reply to my accounting handling perl script
> $RAD_REPLY{'Acct-Status-Type'} = 'Interim-Update'; ------- did not work
> $RAD_REPLY{'Reply-Message'} = 'accounting received'; ---------did not work

  Adding attributes to a reply won't help, when the reply isn't being sent.

> 2. add a reply from sites-enabled/default
> 3. tried to reduce/remove attributes for proxy.conf for accounting related home_servers

  You can't fix a slow home server by poking the proxy.

  Look at the logs on the home server.  I guarantee you that the logs will be FULL of messages complaining about unresponsive child / blocked in module / etc.

  If you're running a Perl script on the home server ... why?  The server doesn't need to run Perl.  The *only* reason to use a Perl script is to interact with some weird external API, and the only available libraries which support that are in Perl.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html

More information about the Freeradius-Devel mailing list