Zombie Infestation of Log file
Alan DeKok
aland at deployingradius.com
Wed Apr 21 17:47:43 CEST 2010
Josip Rodin wrote:
>On Tue, Apr 20, 2010 at 10:59:04PM -0800, Benjamin Marvin wrote:
>> I've also turned off the status_check feature as 1.1.7 and Cisco ACS do
>> not appear to support it.
You can configure a fake username && password for status checks.
This *is* documented in raddb/proxy.conf.
> Without status_check, you rely on the timeouts - revive_interval and
> zombie_period.
Which is much worse than status checks.
> But, if you're talking to FR 1.1.7, that should be able to make it respond
> negatively to a single fake user/domain, and then you can use that for
> status_check = request on its clients.
>
> *Any* status_check is better on FR 2.x than none... speaking from horrible
> experience...
Yup. It's not that 2.x is bad without status checks, it's that there
is *no way* for anyone to do "the right thing" without status checks.
Alan DeKok.
More information about the Freeradius-Users
mailing list