pix auth and spawn_flag

Curtis Doty Curtis at GreenKey.net
Sun Mar 5 23:53:13 CET 2006


I just found a PIX that kicks out the following auth:

        User-Name = "bozo"
        NAS-IP-Address = 10.1.1.1
        User-Password = "krusty"
        NAS-Port = 103
        Cisco-AVPair = "ip:source-ip=10.1.1.2"

To which freeradius does not respond until *after* the pix sends the 
first retry packet. The delay is always until the first retry; 
regardless if whatever I set the pix retry timer. Nor is it affected by 
the cleanup_delay or reject_delay. However, the last retry is eventually 
responded to after the 30 second max_request_time. The pix is only 
collecting timeouts on the aaa-server scoreboard.

The problem goes away if radiusd is put in single process mode. Platform 
is Fedora Core and this is reproducible with their RPMs as well as 
pristine freeradius 1.1.

../C




More information about the Freeradius-Users mailing list