Regarding: FreeRADIUS sending Access-Reject if no response to proxied Access-Request
joakim.bentholm at servicefactory.com
Tue May 13 18:12:37 CEST 2008
> Doug Hardie <bc979 at lafn.org> wrote:
>> > Why? What's so problematic about the Access-Rejects?
>> Because the NAS will not switch over to the alternate radius server
>> which is probably working properly.
> Ok... so does the proxying server mark *all* home servers as dead?
> The problem is that if the NAS is using the same RADIUS server for
> other purposes, (i.e. packets which are't proxied), then it can fail
> over to the backup, even though parts of the server still work...
> If there's *no* way for the server to authenticate *any* packets,
> then that's reasonable grounds for pretending to be dead. Any other
> partial "live" system means that your local site will have to
> determine what packets to reply to, and why.
> I'm willing to add a patch where a module can mark a packet "no
> reply". It's then up to you to have a site-local module to mark some
> packets. But that knowing *when* to do that is up to you, and is
> *very* site-specific. Adding patches to the server core to support
> one site's configuration is problematic.
> Alan DeKok.
Link to the thread above.
Anyone who knows if and where the patch mentioned above can be. I found this
discussion thread, but I do not know where and how to find the the patch, if
available. This would solve our problem with an unresponsive user resource
management server accessed through a customised module in FreeRadius.
FreeBSD version 6.3
FreeRADIUS Version 1.1.7
More information about the Freeradius-Users