Eduroam & FreeRadius not working so well

Mike Diggins mike.diggins at
Wed Dec 5 18:02:30 CET 2012

On Wed, 5 Dec 2012, Alan Buxey wrote:

> In the first instance, upgrade. There is a major security problem with 2.1.x release. Get 2.2.x onto your system asap.

This is the RedHat RPM which I believe are maintained by RedHat. Hopefully 
they've back ported any major security issues!

> What are your NAS (cisco controllers) timeouts? Is this box a pure proxy or does it do authentication too? Have you enabled ciscos status-check system so it knows the RADIUS server isn't dead but just hasn't had a remote response yet?

It does both autentication and proxy and I do have status-check enabled. 
On the contraller I increased the default timeout from 2 seconds up to 8 
seconds. At the same time I lowered the response_window for the two Home 
Servers from 20 seconds to 5 seconds, thinking the proxy would give up 
trying and respond to the controller before it timed out. That hasn't 
helped though. Perhaps I need to increase the controller timeout further.

> Around 67% of eduroam sites in the UK use freeradius

I assumed it should work better than it is.


More information about the Freeradius-Users mailing list