STILL Trying to get tunneling to work- resolved, and a question

Mike Bernhardt bernhardt at bart.gov
Fri Jan 29 23:14:34 CET 2010


Just to clarify my questions:
If one of the servers I'm proxying to is dead, is there a way to reduce the
number of times freeradius tries before failing over to the next one?
2. Are there any ways to make this process more efficient, given that status
check currently doesn't work with the downstream servers?

-----Original Message-----
From: Mike Bernhardt [mailto:bernhardt at bart.gov] 
Sent: Friday, January 29, 2010 11:36 AM
To: 'freeradius-users at lists.freeradius.org'
Subject: Re: STILL Trying to get tunneling to work- resolved, and a question

I found the major problem that caused my configuration to not work. This was
in regards to getting freeradius to proxy EAP/PEAP to IAS servers as
standard CHAP. I was using freeradius 2.1.7, and then 2.1.8 as recommended
by someone. Neither worked.

The solution was to back down to 2.1.4. Is this a bug that was introduced
after that, or what? I can email config files to whomever needs them to work
on it.

So, I now have another question: I have set up 2 IAS servers in a pool. I
would like to drastically reduce the timeout before freeradius fails over to
the 2nd one. How do I do that? Right now it takes about 30 seconds but I
don't see a variable to change that.

I also noticed that the status requests, which begin after it has marked a
server as bad, do not work. How do I use the user name and [bad] password to
check status and bring it back sooner? It only seems to try it once and
that's it.

Thanks,

Mike




More information about the Freeradius-Users mailing list