Regarding: FreeRADIUS sending Access-Reject if no response to proxied Access-Request

Joakim Bentholm joakim.bentholm at
Tue May 13 18:12:37 CEST 2008

> Doug Hardie <bc979 at> wrote:
>> >   Why?  What's so problematic about the Access-Rejects?
>> Because the NAS will not switch over to the alternate radius server 
>> which is probably working properly.
>   Ok... so does the proxying server mark *all* home servers as dead?
>   The problem is that if the NAS is using the same RADIUS server for
> other purposes, (i.e. packets which are't proxied), then it can fail
> over to the backup, even though parts of the server still work...
>   If there's *no* way for the server to authenticate *any* packets,
> then that's reasonable grounds for pretending to be dead.  Any other
> partial "live" system means that your local site will have to
> determine what packets to reply to, and why.
>   I'm willing to add a patch where a module can mark a packet "no
> reply".  It's then up to you to have a site-local module to mark some
> packets.  But that knowing *when* to do that is up to you, and is
> *very* site-specific.  Adding patches to the server core to support
> one site's configuration is problematic.
>   Alan DeKok.

Link to the thread above.


Anyone who knows if and where the patch mentioned above can be. I found this 
discussion thread, but I do not know where and how to find the the patch, if 
available. This would solve our problem with an unresponsive user resource 
management server accessed through a customised module in FreeRadius.

FreeBSD version 6.3
FreeRADIUS Version 1.1.7

Best Regards,
	Joakim Bentholm

More information about the Freeradius-Users mailing list