FreeRADIUS and EDUROAM timeout issues
Alan DeKok
aland at deployingradius.com
Wed Oct 8 15:16:45 CEST 2008
Peter Eriksson wrote:
> The default setting seems to be less than optimal since if a remote site
> have problems with their home RADIUS servers then we risk having our
> local servers mark the upstream servers as "dead" since it's not
> receiving answers for a specific 'realm'...
That's been a bit of a problem in RADIUS proxying. The specification
says that serves MUST answer Access-Requests. But some implementations
don't do that when they're proxying. This causes all sorts of problems.
> Perhaps increase the 'response_window',
> and lower 'zombie_period' and 'revive_interval'
> and 'check_interval' values...
If you're using "status-server", then "revive_interval" isn't used.
> Best would probably be if FreeRadius kept a
> separate timeout for each 'server/realm' tuple...
Ugh. That's adding complexity to work around bugs in other RADIUS
servers, IMHO. Rather than keeping track of N realms && M home servers,
it now has to keep track of (N x M) combinations. That's expensive.
Still, if someone sends a patch, I'll look at it.
Alan DeKok.
More information about the Freeradius-Users
mailing list