RADIUS failing to start correctly when remote DB is unavailable.

Sea Gull seagull0044 at gmail.com
Mon Dec 19 11:48:23 UTC 2022 

Hi Alan,

Thanks again for your time. I understand your comments, and you are right.
However, in my setup the RADIUS Authentication server, and the RADIUS
Accounting server are two different physical servers, and as you might well
know network disruptions can happen. Also, it is impossible for us to have
users unable to authenticate, because the accounting server is down as this
will stop thousands of users from working.

Is there a way we can have RADIUS Authentication working when the
accounting servers are down or unreachable, please?

Thanks again for your help.

Kind regards,
SG

On Mon, Oct 31, 2022 at 5:07 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Oct 31, 2022, at 10:53 AM, Sea Gull <seagull0044 at gmail.com> wrote:
> > The second scenario is when access to the remote DB is restricted due to
> a
> > network outage. This is the issue that I am experiencing, and here RADIUS
> > is taking too long until it notices that the DB is unreachable.
>
>   If your network is broken, the solution is not to fix FreeRADIUS.  The
> solution is to fix the network.
>
>   FreeRADIUS uses the libpq libraries to do all of the underlying "connect
> to postgres" functionality.  Those libraries are limited in what they can
> do.
>
> > It seems
> > that the timeout is either not working or taking too long. Is there a
> way I
> > can change it? I have tried changing the parameters shown below (in the
> sql
> > files) however, the issue didn't resolve.
>
>   We pass the connect_timeout parameter to the libpq library.  If that
> library doesn't respect it, there isn't much we can do.
>
> > What I am trying to achieve is to have the behaviour of the first
> scenario
> > whenever there is a network outage. Would it be possible to achieve this,
> > please?
>
>   Fix your network so that it doesn't go down.
>
>   There really isn't any other way to do this.  It makes no sense to say
> "I want FreeRADIUS to be reliable, but the database and/or the network is
> just going to randomly disappear".
>
>   That's not reliable.  You can't build a reliable system on an unreliable
> foundation.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list