FreeRadius with Eduroam - Accounting
Mike Diggins
mike.diggins at mcmaster.ca
Wed Oct 5 02:20:49 CEST 2011
I'm running FreeRadius 2.1.3 on RedHat Enterprise Linux configured as an
Eduroam Radius proxy server. My Cisco Wireless Lan Controllers are
constantly failing over the Accounting Servers, due to lack of response
from the Home Servers, or so says the log. However, I believe the issue is
that some remote institutions Radius Servers are ignoring the Accounting
packets, and timing out my end, making it believe the Home Servers have
failed to respond. FreeRadius responds by marking the Home server dead. It
then sends a status-server query, to which is gets a reply, and enables
the Dead Home server. I believe that's the sequence of events anyway. I
captured some of that in debug mode:
Rejecting request 288 due to lack of any response from home server x.x.x.x
port 1813
Finished request 288.
Cleaning up request 288 ID 205 with timestamp +1161
PROXY: Marking home server x.x.x.x port 1813 as zombie (it looks like it
is dead).
Sending Status-Server of id 55 to x.x.x.x port 1813
Message-Authenticator := 0x00000000000000000000000000000000
NAS-Identifier := "Status Check. Are you alive?"
Waking up in 3.9 seconds.
rad_recv: Access-Accept packet from host x.x.x.x port 1813, id=55,
length=806
I don't have any control over Accounting Packets being accepted, or not,
by other Eduroam members. Some do, some don't I imagine. Is there a
configuration for FreeRadius that handles this situation cleanly? Seems to
me that FR should check the Home server first, before marking it dead (at
least).
-Mike
More information about the Freeradius-Users
mailing list