Radius Timeout instead of Access-Reject

Antonio Modesto modesto at isimples.com.br
Tue Aug 7 20:55:17 CEST 2012


You're right, it worked. The default mikrotik timeout is 300ms, I've set it
to 5000 ms and I've got the right answer. One more question, Though I'll
reconfigure all the timeout's on my nas'es, why doesn't this problem happen
with freeradius 1.X? Is that normal? Or is it something that's causing my
freeradius 2.x to take longer to reply the requests

2012/8/7 Alan DeKok <aland at deployingradius.com>

> Antonio Modesto wrote:
> > Hi,
> >
> > I work at an ISP in Brazil, our main radius server is running freeradius
> > 1.X. I'm configuring a new server with freeradius 2.X and doing some
> > tests to see if I find any problem before putting it on production. So
> > far I've found a little problem that doesn't disable me to put it in
> > production, but can confuse in case of a radius failure. When an
> > authentication failure happens, on the nas it appears that the radius
> > server is not responding, it shows a "Radius timeout" message, here is
> > the output of the radius debug:
>
>   The timeouts on the NAS are set WAY too low.
>
> > Delaying reject of request 4 for 1 seconds
> > Going to the next request
> > Waking up in 0.9 seconds.
> > rad_recv: Access-Request packet from host 192.168.2.100 port 35710,
> > id=86, length=145
> > Waiting to send Access-Reject to client teste port 35710 - ID: 86
>
>   i.e. the NAS didn't see a reply, and retransmitted.
>
> > Waking up in 0.6 seconds.
> > rad_recv: Access-Request packet from host 192.168.2.100 port 35710,
> > id=86, length=145
> > Waiting to send Access-Reject to client teste port 35710 - ID: 86
>
>   And retransmitted again 0.3 seconds later.
>
> > Waking up in 0.3 seconds.
> > Sending delayed reject for request 4
> > Sending Access-Reject of id 86 to 192.168.2.100 port 35710
>
>   And then the server responded 0.3 seconds later.
>
>   Fix the NAS so it doesn't have *ridiculous* timeouts.  RADIUS timeouts
> are normally in the multi-second range.  Having the NAS retransmit
> multiple times a second is stupid, wrong, and will create problems.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>


-- 
Atenciosamente,
*
Antônio Modesto

Gerente de TI*





Praça Getúlio Vargas, 77 – Sala 308 – Centro

Santo Antônio do Monte – MG – CEP: 35560-000
Tel:(37) 3281-2800

Contato: isimples at isimples.com.br
http://www.isimples.com.br


Aviso:Esta mensagem e quaisquer arquivos em anexo podem conter informações
confidenciais e/ou

privilegiadas. Se você não for o destinatário ou a pessoa autorizada a
receber esta mensagem, por favor, não

leia, copie, repasse, imprima, guarde, nem tome qualquer ação baseada
nessas informações. Notifique o

remetente imediatamente por e-mail e apague a mensagem permanentemente.
Atenção: embora a Isimples

Telecom, tome seus cuidados para garantir a ausência de vírus neste e-mail,
a empresa não se responsabiliza

por quaisquer perdas ou danos decorrentes do uso da mensagem e seus anexos.
A segurança e ausência de

erros na transmissão do e-mail não podem ser garantidas, já que as
informações podem ser interceptadas,

corrompidas, perdidas, destruídas, atrasadas, chegarem incompletas, ou,
ainda, conter vírus. Recomendamos

checar se o e-mail e seus anexos contém vírus, uma vez que nem a Isimples
Telecom ou o remetente se

responsabilizam pela transmissão destes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120807/1e9c5127/attachment.html>


More information about the Freeradius-Users mailing list