freeradius <=> radsecproxy: Login incorrect (Failed to find live home server)
aland at deployingradius.com
Mon Aug 8 21:22:59 UTC 2022
On Aug 8, 2022, at 11:22 AM, Michael Baye <excelsio at gmx.com> wrote:
> I have freeradius 3.0.25 and radsecproxy 1.9.1 installed on the same server. freeradius receives requests, proxies it to radsecproxy which will forward it to the next hop.
That's good, but that doesn't always make proxying work. There's the whole "rest of the network" to worry about.
> - /etc/raddb/proxy.conf
All of the documentation says "don't post configuration files". It helps to read it.
> Well, I´m seeing strange sporadic "Login incorrect (Failed to find live home server" errors by freeradius) for different requests. According to /var/log/radius/radius.log.
> =====freeradius has many (Failed to find live home server: Cancelling proxy)-messages, followed by 1x Login OK:
> Mon Aug 8 16:10:59 2022 : Auth: (166054) Login incorrect (Failed to find live home server: Cancelling proxy): [2669314093 at bypass.org/<no User-Password attribute>] (from client ap-g17-00.37 port 2 cli 20-F4-12:31-E1-41)
If radsecproxy doesn't get a response to packets it sends, it doesn't reply to FreeRADIUS. And then FreeRADIUS thinks that radsecproxy is down.
The fix is to enable status-server checks in FreeRADIUS (proxy.conf) and in radsecproxy.
> => So it looks like radsecproxy does not receive those requests at all,
Maybe, maybe not. The times in the log messages are an hour apart. So you're not really looking at the same thing.
> which doesn´t make sense for me as it runs on the same virtual machine. Did I miss some kind of rate limiting configuration for either freeradius or radsecproxy?
More information about the Freeradius-Users