Eduroam & FreeRadius not working so well
Mike Diggins
mike.diggins at mcmaster.ca
Wed Dec 5 18:02:30 CET 2012
On Wed, 5 Dec 2012, Alan Buxey wrote:
> In the first instance, upgrade. There is a major security problem with 2.1.x release. Get 2.2.x onto your system asap.
This is the RedHat RPM which I believe are maintained by RedHat. Hopefully
they've back ported any major security issues!
>
> What are your NAS (cisco controllers) timeouts? Is this box a pure proxy or does it do authentication too? Have you enabled ciscos status-check system so it knows the RADIUS server isn't dead but just hasn't had a remote response yet?
It does both autentication and proxy and I do have status-check enabled.
On the contraller I increased the default timeout from 2 seconds up to 8
seconds. At the same time I lowered the response_window for the two Home
Servers from 20 seconds to 5 seconds, thinking the proxy would give up
trying and respond to the controller before it timed out. That hasn't
helped though. Perhaps I need to increase the controller timeout further.
>
> Around 67% of eduroam sites in the UK use freeradius
I assumed it should work better than it is.
-Mike
More information about the Freeradius-Users
mailing list