Strange problems in large proxy setup
Kostas Zorbadelos
kzorba at otenet.gr
Fri Feb 23 16:06:04 CET 2007
On Fri, Feb 23, 2007 at 02:49:57PM +0000, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
> > active sessions and if he is allowed to have a session the request is
> > proxied to the FUNK server that performs the actual authentication. So
> > the setup is a classical proxy setup. This policy decision of whether
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> whoah. steady on there. this is not a classical proxy setup. in a classical
> proxy setup ALL autentication is handled by a 3rd party. in this case you
> are doing an LDAP authorization on the FreeRADIUS box.
OK you have a point there, my wording is incorrect. Yes, we do make an
authorization decision in the freeradius box.
> the fact that this
> works on testing but not in high-volume production points a marked finger
> towards this LDAP process.
>
The 'ldap process' you refer to is actually rlm_ldap and a tiny
module of ours. However, we have never
observed any issues with them, no error messages or any other logging
messages. I believe I have a valid and quite simple (for my purposes
of course) configuration. I make the authorization decision and if all
OK, I proxy the request, otherwise I reject the request without
proxying it.
radiusd -X confirms that the configuration is correct, however I have
this problem behaviour in large scale. My initial suspitions go to the
proxying code to be honest, but I need to take a good look to grasp
it.
> alan
Kostas
More information about the Freeradius-Users
mailing list