Return no answer to the client if proxied access request times out
Gianni Costanzi
gianni.costanzi at gmail.com
Wed Jan 16 09:37:57 CET 2019
Hi,
we're running Freeradius 3.0.13 (the most recent version available for
our production environment running RedHat Enterprise 7.5) and we
configured two home_server blocks in a pool to which we proxy Access
requests for realm sas:
home_server sas_tn_1 {
type = auth+acct
ipaddr = x.x.x.x
port = 1812
secret = --SECRET--
require_message_authenticator = yes
response_window = 20
revive_interval = 120
status_check = none
}
home_server sas_mi_1 {
# auth+acct type handles auth requests on specified port and
acct requests on port+1
type = auth+acct
ipaddr = y.y.y.y
port = 1812
secret = --SECRET--
require_message_authenticator = yes
response_window = 20
revive_interval = 120
status_check = none
}
home_server_pool sas_pool_failover {
type = fail-over
home_server = sas_tn_1
home_server = sas_mi_1
}
# SAS realm for OTP+Token access to routers
realm sas {
pool = sas_pool_failover
}
we did not configure no_response_fail parameter, so if I've understood
well from the docs, Freeradius should not reply to the Access-Request
of the client NAS if the proxied access request times out, right?
What I see is an Access-Reject from Freeradius server after the
response_window expires, why?
What am I missing?
Best regards,
Gianni Costanzi
More information about the Freeradius-Users
mailing list