disable zombie period and status checks

Alan DeKok aland at deployingradius.com
Fri Oct 3 16:49:06 CEST 2014


Travis Dimmig wrote:
> I have FreeRADIUS acting as a proxy server in an environment with a
> temperamental ACS server as the home server.  The ACS server is known to
> be unreliable, an NPS server is being staged to replace it.  In the
> meantime, however, I have to work as well as I can with the ACS server,
> and have no access or control to modify it.

  Hmm... ACS....

> The ACS server regularly does not respond to requests, initiating the
> zombie period.  It just as regularly doesn’t respond to the status
> checks (I’m using auth request type checks to ensure compatibility). 
> The requirement of 3 successful responses in a row to be marked alive
> again is difficult to meet with this server.

  That is unusual, even for ACS.

> I realize of course that the best solution is to fix the home server,
> but while that is being worked on I need my FreeRADIUS server to try to
> proxy requests as much as possible.  I have dug through the configs, but
> found no way to completely disable the zombie period and status check
> behavior of the server.  My goal is for FreeRADIUS to always consider
> the home server alive and proxy all requests to it, regardless of the
> fact that some do not get responses.  Is this possible?

  Set "zombie_period = 120".  That should help.  If the ACS server is
unresponsive for 2 minutes, there's not much else you can do.

  The only other alternative is to edit the FreeRADIUS source code.
Change it so that home servers are *never* marked zombie.

  But really... fixing ACS is a priority.  There's no reason for it to
be dropping packets all of the time.

  Alan DeKok.


More information about the Freeradius-Users mailing list