disable zombie period and status checks
Alan DeKok
aland at deployingradius.com
Fri Oct 3 16:49:06 CEST 2014
Travis Dimmig wrote:
> I have FreeRADIUS acting as a proxy server in an environment with a
> temperamental ACS server as the home server. The ACS server is known to
> be unreliable, an NPS server is being staged to replace it. In the
> meantime, however, I have to work as well as I can with the ACS server,
> and have no access or control to modify it.
Hmm... ACS....
> The ACS server regularly does not respond to requests, initiating the
> zombie period. It just as regularly doesn’t respond to the status
> checks (I’m using auth request type checks to ensure compatibility).
> The requirement of 3 successful responses in a row to be marked alive
> again is difficult to meet with this server.
That is unusual, even for ACS.
> I realize of course that the best solution is to fix the home server,
> but while that is being worked on I need my FreeRADIUS server to try to
> proxy requests as much as possible. I have dug through the configs, but
> found no way to completely disable the zombie period and status check
> behavior of the server. My goal is for FreeRADIUS to always consider
> the home server alive and proxy all requests to it, regardless of the
> fact that some do not get responses. Is this possible?
Set "zombie_period = 120". That should help. If the ACS server is
unresponsive for 2 minutes, there's not much else you can do.
The only other alternative is to edit the FreeRADIUS source code.
Change it so that home servers are *never* marked zombie.
But really... fixing ACS is a priority. There's no reason for it to
be dropping packets all of the time.
Alan DeKok.
More information about the Freeradius-Users
mailing list