RadSec | Status-Server Support
Alan DeKok
aland at deployingradius.com
Sat Aug 2 09:50:39 UTC 2025
On Aug 1, 2025, at 5:47 PM, Cyrus Humphreville <theovandoesburg at gmail.com> wrote:
> Does RadSec support Status-Server (I only see reference to UDP in RFC
> 5997)?
Yes.
> In RFC 6614 for RadSec, however, I do see reference to
> Status-Server, but in practice, we can't seem to get it to work (probably
> PEBKAC).
Configure status_check = status-server as documented?
> NAS (standalone Aruba AP) --> FreeRADIUS Proxy (macOS) --> Nginx VIP (TCP
> 2083) --> FreeRADIUS Servers (RHEL 9)
>
> The NAS sends RADIUS via UDP to the proxy, which then proxies it to TCP for
> RadSec. We were expecting the proxy itself to send Status-Server requests
> to the FreeRADIUS VIP, but it doesn't seem to do so, and we don't see any
> Status-Server attempts when the proxy is in debug.
The proxy only sends Status-Server if it thinks that the next hop might be down. As per RFC 2865 Section 2.6, it doesn't send Status-Server when there is no auth / acct traffic.
Alan DeKok.
More information about the Freeradius-Users
mailing list