Zombie Infestation of Log file

Alan DeKok aland at deployingradius.com
Wed Apr 21 17:47:43 CEST 2010

Josip Rodin wrote:
>On Tue, Apr 20, 2010 at 10:59:04PM -0800, Benjamin Marvin wrote:
>> I've also turned off the status_check feature as 1.1.7 and Cisco ACS do
>> not appear to support it.

  You can configure a fake username && password for status checks.

  This *is* documented in raddb/proxy.conf.

> Without status_check, you rely on the timeouts - revive_interval and
> zombie_period.

  Which is much worse than status checks.

> But, if you're talking to FR 1.1.7, that should be able to make it respond
> negatively to a single fake user/domain, and then you can use that for
> status_check = request on its clients.
> *Any* status_check is better on FR 2.x than none... speaking from horrible
> experience...

  Yup.  It's not that 2.x is bad without status checks, it's that there
is *no way* for anyone to do "the right thing" without status checks.

  Alan DeKok.

More information about the Freeradius-Users mailing list