Zombie Infestation of Log file

Josip Rodin joy at entuzijast.net
Wed Apr 21 15:36:58 CEST 2010


On Tue, Apr 20, 2010 at 10:59:04PM -0800, Benjamin Marvin wrote:
> The radius.log file for the primary servers shows they are marking the 4th
> and Cisco (upstream) servers as zombie quite regularly (but not
> simultaneously);
> 
> I've set the response_window to as high as 60 seconds in the clients.conf
> file and I keep the zombie_period at 20 seconds.

What is your max_request_time?

The radiusd.conf default is 30, which means that it doesn't really make
sense to have a proxy response_window close to or larger than that (like 60) -
your requests will get stuck on that particular first one and then get
automatically cleaned up by the FR max_request_time handler after 30s.

> I've also turned off the status_check feature as 1.1.7 and Cisco ACS do
> not appear to support it.

Without status_check, you rely on the timeouts - revive_interval and
zombie_period.

But, if you're talking to FR 1.1.7, that should be able to make it respond
negatively to a single fake user/domain, and then you can use that for
status_check = request on its clients.

*Any* status_check is better on FR 2.x than none... speaking from horrible
experience...

-- 
     2. That which causes joy or happiness.
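
A small lint for the two points made in the reply above, as an added example that is not part of the original message or of FreeRADIUS itself. It assumes the proxy settings sit in FR 2.x-style home_server blocks next to a global max_request_time; the sample config and the server names in it are constructed.

```python
import re

# Constructed sample config (not from the thread); numbers mirror those discussed.
SAMPLE = """
max_request_time = 30
home_server upstream_acs {
    response_window = 60
    zombie_period = 20
    status_check = none
}
home_server upstream_fr {
    response_window = 20
    zombie_period = 40
    status_check = request
    username = "probe-user"
}
"""

def parse(text):
    """Return (globals, {home_server_name: settings}) from FreeRADIUS-style text."""
    top, servers, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"home_server\s+(\S+)\s*\{$", line)
        if m:
            current = servers.setdefault(m.group(1), {})
        elif line == "}":
            current = None
        elif "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            (top if current is None else current)[key] = val.strip('"')
    return top, servers

def lint(text):
    """Flag the two problems raised in the reply; returns [(server, message)]."""
    top, servers = parse(text)
    max_req = int(top.get("max_request_time", 30))   # 30 is the radiusd.conf default
    findings = []
    for name, s in servers.items():
        window = s.get("response_window")
        if window is not None and int(window) >= max_req:
            findings.append((name, f"response_window {window}s >= max_request_time {max_req}s"))
        if s.get("status_check", "none") == "none":  # assumption: unset is treated as none
            findings.append((name, "status_check = none: only zombie_period/revive_interval remain"))
    return findings

if __name__ == "__main__":
    for server, msg in lint(SAMPLE):
        print(f"{server}: {msg}")
```

Only the "equal or larger" case is flagged; how close is too close to max_request_time is left to the operator.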


