Auth-Type = Reject not 'working'
Phil Mayers
p.mayers at imperial.ac.uk
Thu Jun 1 12:16:26 CEST 2006
A.L.M.Buxey at lboro.ac.uk wrote:
> however, when running freeradius is debug mode, with -X, the Reject
> reply message is pretty fast...though still a lot slower than an
> Access-Accept message for a valid user - even though the valid user
> is in a database or a kerberos check. I assumed that a Auth-Type := Reject
> was an instant hit, with no further procedures... why then, when run
security {
# delayed_reject: When sending an Access-Reject, it can be
# delayed for a few seconds. This may help slow down a DoS
# attack. It also helps to slow down people trying to brute-force
# crack a users password.
#
# Setting this number to 0 means "send rejects immediately"
reject_delay = 1
}
> in debug mode, does FreeRADIUS happily reject the client request but
> when run as a normal process, it throws the request towards other
> Auth mechanisms?
I'm not sure about *that* aspect of it. I've never seen it. But rejects
are delayed in the default config.
More information about the Freeradius-Users
mailing list