FreeRadius with Eduroam - Accounting

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Oct 13 20:50:08 CEST 2011


On 13 Oct 2011, at 19:47, Mike Diggins wrote:

> 
> On Tue, 4 Oct 2011, Mike Diggins wrote:
> 
>> 
>> I'm running FreeRadius 2.1.3 on RedHat Enterprise Linux configured as an Eduroam Radius proxy server. My Cisco Wireless Lan Controllers are constantly failing over the Accounting Servers, due to lack of response from the Home Servers, or so says the log. However, I believe the issue is that some remote institutions' Radius Servers are ignoring the Accounting packets, and timing out my end, making it believe the Home Servers have failed to respond. FreeRadius responds by marking the Home server dead. It then sends a status-server query, to which it gets a reply, and enables the Dead Home server. I believe that's the sequence of events anyway. I captured some of that in debug mode:
>> 
>> Rejecting request 288 due to lack of any response from home server x.x.x.x port 1813
>> 
>> Finished request 288.
>> 
>> Cleaning up request 288 ID 205 with timestamp +1161
>> 
>> PROXY: Marking home server x.x.x.x port 1813 as zombie (it looks like it is dead).
>> 
>> Sending Status-Server of id 55 to x.x.x.x port 1813
>>       Message-Authenticator := 0x00000000000000000000000000000000
>>       NAS-Identifier := "Status Check. Are you alive?"
>> Waking up in 3.9 seconds.
>> 
>> rad_recv: Access-Accept packet from host x.x.x.x port 1813, id=55, length=806
>> 
>> I don't have any control over Accounting Packets being accepted, or not, by other Eduroam members. Some do, some don't I imagine. Is there a configuration for FreeRadius that handles this situation cleanly? Seems to me that FR should check the Home server first, before marking it dead (at least).
> 
> Accounting feature on the WLAN controllers (for now), I noticed that a similar failure is happening on the Authentication side. Some authentication requests proxied to other radius servers (via Eduroam) are either failing or taking a long time to respond, which also causes my FreeRadius to mark the Home Server as DOWN. That also seems to cause a chain reaction of backed up requests, causing my WLAN controllers to failover the radius server.

Are you using status-server? It should figure out the home server is back up pretty quickly, in fact it should never mark it dead at all (see below).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PastedGraphic-1.pdf
Type: application/pdf
Size: 15853 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111013/b1402cb9/attachment.pdf>
-------------- next part --------------



Yes, I'm going to the special kind of hell for people who post images to public lists...


Arran Cudbard-Bell
a.cudbardb at freeradius.org

Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
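
Added example, not part of the original thread or of FreeRADIUS: a small parser for the debug lines quoted above that separates home servers which answer Status-Server but were still marked zombie (alive, yet ignoring proxied requests) from ones that also fail the probe. The log lines and 192.0.2.x addresses are constructed, the function names are hypothetical, and matching a reply to a probe by host, port and id is an assumed heuristic.

```python
import re
from collections import defaultdict

# Constructed sample in the debug-output format quoted in the thread;
# 192.0.2.x addresses are documentation placeholders.
SAMPLE_LOG = """\
Rejecting request 288 due to lack of any response from home server 192.0.2.10 port 1813
PROXY: Marking home server 192.0.2.10 port 1813 as zombie (it looks like it is dead).
Sending Status-Server of id 55 to 192.0.2.10 port 1813
rad_recv: Access-Accept packet from host 192.0.2.10 port 1813, id=55, length=806
Rejecting request 301 due to lack of any response from home server 192.0.2.10 port 1813
PROXY: Marking home server 192.0.2.10 port 1813 as zombie (it looks like it is dead).
Sending Status-Server of id 56 to 192.0.2.10 port 1813
rad_recv: Access-Accept packet from host 192.0.2.10 port 1813, id=56, length=806
PROXY: Marking home server 192.0.2.20 port 1812 as zombie (it looks like it is dead).
Sending Status-Server of id 57 to 192.0.2.20 port 1812
"""

NO_REPLY = re.compile(r"lack of any response from home server (\S+) port (\d+)")
ZOMBIE = re.compile(r"Marking home server (\S+) port (\d+) as zombie")
PROBE = re.compile(r"Sending Status-Server of id (\d+) to (\S+) port (\d+)")
REPLY = re.compile(r"rad_recv: \S+ packet from host (\S+) port (\d+), id=(\d+)")

def summarize(log_text):
    """Count, per (host, port), timed-out requests, zombie marks and probe results."""
    stats = defaultdict(lambda: {"no_reply": 0, "zombie": 0, "probe_ok": 0, "probe_lost": 0})
    pending = {}  # (host, port, id) of Status-Server probes not yet answered
    for line in log_text.splitlines():
        if m := NO_REPLY.search(line):
            stats[(m[1], int(m[2]))]["no_reply"] += 1
        elif m := ZOMBIE.search(line):
            stats[(m[1], int(m[2]))]["zombie"] += 1
        elif m := PROBE.search(line):
            pending[(m[2], int(m[3]), int(m[1]))] = True
        elif m := REPLY.search(line):
            # Only a reply matching an outstanding probe counts as a probe answer.
            if pending.pop((m[1], int(m[2]), int(m[3])), None):
                stats[(m[1], int(m[2]))]["probe_ok"] += 1
    for host, port, _ in pending:
        stats[(host, port)]["probe_lost"] += 1
    return dict(stats)

def selective_droppers(stats):
    """Servers marked zombie that answered every Status-Server probe."""
    return sorted(k for k, s in stats.items()
                  if s["zombie"] and s["probe_ok"] and not s["probe_lost"])

if __name__ == "__main__":
    print("alive but dropping requests:", selective_droppers(summarize(SAMPLE_LOG)))
```
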


