Return no answer to the client if proxied access request times out

Gianni Costanzi gianni.costanzi at gmail.com
Wed Jan 16 09:37:57 CET 2019


Hi,
we're running Freeradius 3.0.13 (the most recent version available for
our production environment running RedHat Enterprise 7.5) and we
configured two home_server blocks in a pool to which we proxy Access
requests for realm sas:

home_server sas_tn_1 {
        type = auth+acct
        ipaddr = x.x.x.x
        port = 1812
        secret = --SECRET--
        require_message_authenticator = yes
        response_window = 20
        revive_interval = 120
        status_check = none
}

home_server sas_mi_1 {
        # auth+acct type handles auth requests on specified port and
acct requests on port+1
        type = auth+acct
        ipaddr = y.y.y.y
        port = 1812
        secret = --SECRET--
        require_message_authenticator = yes
        response_window = 20
        revive_interval = 120
        status_check = none
}

home_server_pool sas_pool_failover {
        type = fail-over
        home_server = sas_tn_1
        home_server = sas_mi_1
}

# SAS realm for OTP+Token access to routers
realm sas {
        pool = sas_pool_failover
}

we did not configure no_response_fail parameter, so if I've understood
well from the docs, Freeradius should not reply to the Access-Request
of the client NAS if the proxied access request times out, right?
What I see is an Access-Reject from Freeradius server after the
response_window expires, why?

What am I missing?

Best regards,
   Gianni Costanzi


More information about the Freeradius-Users mailing list