HA scenario = failure
Rob Walker
rob3rt.walk3r at gmail.com
Mon Feb 9 22:04:50 CET 2015
Incase anyone else see's this I was able to fix with the following commands
on the switch which basically reduces the RADIUS host failover from the
default of 15 seconds to 3 which seems to have appeased the failover gods.
More details available in HP documentation.
radius-server- timeout 2
radius-server retransmit 1
On 9 February 2015 at 09:21, Dave Aldwinckle <daldwinc at uwaterloo.ca> wrote:
> Hi Rob,
>
> Welcome to the list.
>
> Please post the full debug output from both the success and the failure.
>
> Secondly, what firmware version is your switch running?
>
> Dave Aldwinckle
>
> On 15-02-09 11:15 AM, Alan DeKok wrote:
>
>> On Feb 9, 2015, at 11:09 AM, Rob Walker <rob3rt.walk3r at gmail.com> wrote:
>>
>>> I'm a freerad newb, trying to get my HP Procurve 2910al working with 2
>>> freerad servers (setup identically) and windows/linux endpoints. I've
>>> tested this setup successfully against each individual freerad server ok.
>>> As soon as I test stopping one of the free radius server hosts so that
>>> the
>>> 2910al is forced to try the other freerad server (testing a HA scenario)
>>> -
>>> authentication fails.
>>>
>> That’s bad.
>>
>> I can only guess that it's something the switch is mishandling?
>>>
>> Yes.
>>
>> If someone
>>> could advise on the below outputs it would be appreciated, it seems the
>>> packet length is much less when it doesn't work?
>>>
>> The packet length doesn’t matter. What matters is the the switch
>> sends a packet to the server. That’s good. The server responds. That’s
>> good. The switch never sends another packet. That’s bad.
>>
>> Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/
>> list/users.html
>>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
More information about the Freeradius-Users
mailing list