response_window and zombie_period problem

Ana Gallardo ana.gallardo.77 at gmail.com
Thu Jun 25 08:39:53 CEST 2009


Hello, first of all, sorry for my English.

I'm testing Freeradius 2.0.4+dfsg-6 on Debian. I want to configure a proxy
like this (proxy.conf):

# radiusxx authentication
home_server radiusxx_auth {
    type = auth
    ipaddr = 1.2.3.4
    port = 1812
    secret = secret
    response_window = 50
    zombie_period = 20
    status_check = request
    username = "user"
    password = "pass"
    check_interval = 30
    num_answers_to_alive = 3
}

# radiusxx accounting
home_server radiusxx_acct {
    type = acct
    ipaddr = 1.2.3.4
    port = 1813
    secret = secret
    response_window = 50
    zombie_period = 20
    status_check = request
    username = "user"
    password = "pass"
    check_interval = 30
    num_answers_to_alive = 3
}

# radiusyy authentication
home_server radiusyy_auth {
    type = auth
    ipaddr = 1.2.3.5
    port = 1812
    secret = secret
    response_window = 50
    zombie_period = 20
    status_check = request
    username = "user"
    password = "pass"
    check_interval = 30
    num_answers_to_alive = 3
}

# radiusyy accounting
home_server radiusyy_acct {
    type = acct
    ipaddr = 1.2.3.5
    port = 1813
    secret = secret
    response_window = 50
    zombie_period = 20
    status_check = request
    username = "user"
    password = "pass"
    check_interval = 30
    num_answers_to_alive = 3
}

#authentication pool
home_server_pool my_auth {
    type = fail-over
    home_server = radiusxx_auth
    home_server = radiusyy_auth
}

#accounting pool
home_server_pool my_acct {
    type = fail-over
    home_server = radiusxx_acct
    home_server = radiusyy_acct
}


realm myrealm.my {
    auth_pool = my_auth
    acct_pool = my_acct
    # nostrip
}


My problem appears when I test failover: I stop Freeradius on the xx
server and I send an authentication request.

Sending Access-Request of id 143 to 1.2.3.4 port 1812
    User-Name = "mmmm"
    User-Password = "111"
    Calling-Station-Id = "00:11:22:33:44:55"
    NAS-IP-Address = 1.2.2.2
    Proxy-State = 0x3238
Proxying request 0 to home server 1.2.3.4 port 1812
Sending Access-Request of id 143 to 1.2.3.4 port 1812
    User-Name = "mmmm"
    User-Password = "111"
    Calling-Station-Id = "00:11:22:33:44:55"
    NAS-IP-Address = 1.2.2.2
    Proxy-State = 0x3238
Going to the next request
Waking up in 0.9 seconds.
Waking up in 28.9 seconds.
rad_recv: Access-Request packet from host 1.2.2.2 port 39710, id=28, length=75
Sending duplicate proxied request to home server 1.2.3.4 port 1812 - ID: 143
Sending Access-Request of id 143 to 1.2.3.4 port 1812
    User-Name = "mmmm"
    User-Password = "111"
    Calling-Station-Id = "00:11:22:33:44:55"
    NAS-IP-Address = 1.2.2.2
    Proxy-State = 0x3238
Waking up in 26.9 seconds.
rad_recv: Access-Request packet from host 1.2.2.2 port 39710, id=28, length=75
Sending duplicate proxied request to home server 1.2.3.4 port 1812 - ID: 143
Sending Access-Request of id 143 to 1.2.3.4 port 1812
    User-Name = "mmmm"
    User-Password = "111"
    Calling-Station-Id = "00:11:22:33:44:55"
    NAS-IP-Address = 1.2.2.2
    Proxy-State = 0x3238
Waking up in 23.9 seconds.
. . .
WARNING: Marking home server 1.2.3.4 port 1812 as zombie (it looks like it is dead).

After 30 seconds I always get an accept_reject the first time. But if my
zombie_period = 20, shouldn't it mark radiusxx as zombie after 20 seconds and
proxy my request to radiusyy? My response_window = 50 and Freeradius must
wait 50 seconds before considering the request dead.

Then, when I send another authentication request:

Sending Access-Request of id 129 to 1.2.3.4 port 1812
    User-Name = "mmmm"
    User-Password = "111"
    Calling-Station-Id = "00:11:22:33:44:55"
    NAS-IP-Address = 1.2.2.2
    Proxy-State = 0x31
Proxying request 1 to home server 1.2.3.4 port 1812
Sending Access-Request of id 129 to 1.2.3.4 port 1812
    User-Name = "mmmm"
    User-Password = "111"
    Calling-Station-Id = "00:11:22:33:44:55"
    NAS-IP-Address = 1.2.2.2
    Proxy-State = 0x31
Going to the next request
Waking up in 0.9 seconds.
Waking up in 28.9 seconds.
rad_recv: Access-Request packet from host 1.2.2.2 port 59850, id=1, length=75
FAILURE: Marking home server 1.2.3.4 port 1812 as dead.
Sending Access-Request of id 118 to 1.2.3.5 port 1812
    User-Name = "mmmm"
    User-Password = "111"
    Calling-Station-Id = "00:11:22:33:44:55"
    NAS-IP-Address = 1.2.2.2
    Proxy-State = 0x31
Proxying request 1 to home server 1.2.3.5 port 1812
Sending Access-Request of id 118 to 1.2.3.5 port 1812
    User-Name = "mmmm"
    User-Password = "111"
    Calling-Station-Id = "00:11:22:33:44:55"
    NAS-IP-Address = 1.2.2.2
    Proxy-State = 0x31
Waking up in 26.9 seconds.
rad_recv: Access-Accept packet from host 1.2.3.5 port 1812, id=118, length=23
    Proxy-State = 0x31


I don't know why Freeradius doesn't send me an Access-Accept when I send the
first request, after marking radiusxx (zombie_period = 20) as zombie and
proxying the request to radiusyy.

Thank you and sorry for my English.
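
Added example, not part of the original message or of FreeRADIUS: a small script that tallies, per home server, the proxy events seen in debug output like the two runs quoted above, so failover behaviour can be compared between test runs. The function names are hypothetical and the sample log is constructed from lines quoted in the message.

```python
import re

# Constructed sample, shortened from the debug output quoted in the message.
SAMPLE_LOG = """\
Proxying request 0 to home server 1.2.3.4 port 1812
Sending duplicate proxied request to home server 1.2.3.4 port 1812 - ID: 143
WARNING: Marking home server 1.2.3.4 port 1812 as zombie (it looks like it is dead).
Proxying request 1 to home server 1.2.3.4 port 1812
rad_recv: Access-Request packet from host 1.2.2.2 port 59850, id=1, length=75
FAILURE: Marking home server 1.2.3.4 port 1812 as dead.
Proxying request 1 to home server 1.2.3.5 port 1812
rad_recv: Access-Accept packet from host 1.2.3.5 port 1812, id=118, length=23
"""

# One pattern per event kind; requests arriving from the NAS are ignored.
EVENTS = {
    "proxied": re.compile(r"^Proxying request \d+ to home server (\S+) port (\d+)"),
    "duplicates": re.compile(
        r"^Sending duplicate proxied request to home server (\S+) port (\d+)"),
    "states": re.compile(r"Marking home server (\S+) port (\d+) as (\w+)"),
    "replies": re.compile(
        r"^rad_recv: (Access-(?:Accept|Reject|Challenge)) packet from host (\S+) port (\d+)"),
}

def summarize(log_text):
    """Return {"ip:port": counters and state changes} for each home server."""
    servers = {}
    for line in log_text.splitlines():
        for kind, rx in EVENTS.items():
            m = rx.search(line.strip())
            if not m:
                continue
            g = m.groups()
            # The reply pattern captures the packet type first, then ip and port.
            ip, port = (g[1], g[2]) if kind == "replies" else (g[0], g[1])
            entry = servers.setdefault(f"{ip}:{port}", {
                "proxied": 0, "duplicates": 0, "states": [], "replies": []})
            if kind in ("proxied", "duplicates"):
                entry[kind] += 1
            elif kind == "states":
                entry["states"].append(g[2])
            else:
                entry["replies"].append(g[0])
            break
    return servers

def unanswered(summary):
    """Home servers that were sent proxied requests but never replied."""
    return sorted(s for s, e in summary.items() if e["proxied"] and not e["replies"])

if __name__ == "__main__":
    for server, entry in summarize(SAMPLE_LOG).items():
        print(server, entry)
```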