reject_relay and freeradius as a daemon
Ana Gallardo Gómez
ana_gallardo_77 at hotmail.com
Mon Oct 1 14:49:19 CEST 2007
- Freeradius 1.1.7
- Debian Sarge (kernel 2.6.18-5-686)
- IBM x3550
Hello!
When I run freeradius in debug mode the Access-Reject is sent after the delay time indicated by the reject_delay setting.
When I run freeradius as a daemos, the Access-Reject is delayed too many time when reject_delay > 0. If I set reject_delay to 0 and run as a daemon, there is no delay.
In radiusd.conf I can read:
# reject_delay: When sending an Access-Reject, it can be
# delayed for a few seconds. This may help slow down a DoS
# attack. It also helps to slow down people trying to brute-force
# crack a users password.
#
# Setting this number to 0 means "send rejects immediately"
#
# If this number is set higher than 'cleanup_delay', then the
# rejects will be sent at 'cleanup_delay' time, when the request
# is deleted from the internal cache of requests.
#
# Useful ranges: 1 to 5
I have seen this thread in the mailing-list in 2004 (http://lists.freeradius.org/mailman/htdig/freeradius-users/2004-September/035812.html), but I find the same problem right now.
I don´t know if the global delayed time is reject_delay + max_session_time. I can´t find max_session_time. Maybe reject_delay + max_request_time ?
I don´t know what can I do:
1. delay_reject = 0
2. small max_request_time
...
Thank you and sorry for my english.
_________________________________________________________________
Prueba algunos de los nuevos servicios en línea que te ofrece Windows Live Ideas: tan nuevos que ni siquiera se han publicado oficialmente todavía.
http://ideas.live.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071001/9ce423fb/attachment.html>
More information about the Freeradius-Users
mailing list