Eduroam & FreeRadius not working so well

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Wed Dec 5 20:32:24 CET 2012


Hi,

> This is the RedHat RPM which I believe are maintained by RedHat.
> Hopefully they've back ported any major security issues!

got the changelog for the 2.1.12 RPM release you are running?

> It does both autentication and proxy and I do have status-check
> enabled. On the contraller I increased the default timeout from 2
> seconds up to 8 seconds. At the same time I lowered the

2 seconds is very low for international RADIUS proxying...the traffic
needs to get to the end site...and then be dealt with by the end site
(which may take 1 - many seconds to actually authenticate the user
once the tunnel is created). somewhere around 10 seconds is the maximum
I would expect for global roaming authentication via multple proxy peers

the RADIUS server is at the mercy of the controller and the remote sites...
who might not be answering at all...they could just reject.

I havent seen a sanity error message like that since the troublesome 2.1.7 - 2.1.9
days when the proxy code got some rewrites in places.....

I wonder if your proxy.conf for the home server stuff is correct and not 
flipping requests between remote proxys?

what does the server show/say in full debug mode with a test remote account?

alan


More information about the Freeradius-Users mailing list