Doug Hardie <[EMAIL PROTECTED]> wrote:
> Why? What's so problematic about the Access-Rejects?
Because the NAS will not switch over to the alternate radius server
which is probably working properly.
Ok... so does the proxying server mark *all* home servers as dead?
The problem is that if the NAS is using the same RADIUS server for
other purposes, (i.e. packets which are't proxied), then it can fail
over to the backup, even though parts of the server still work...
If there's *no* way for the server to authenticate *any* packets,
then that's reasonable grounds for pretending to be dead. Any other
partial "live" system means that your local site will have to
determine what packets to reply to, and why.
I'm willing to add a patch where a module can mark a packet "no
reply". It's then up to you to have a site-local module to mark some
packets. But that knowing *when* to do that is up to you, and is
*very* site-specific. Adding patches to the server core to support
one site's configuration is problematic.
Alan DeKok.
Link to the thread above.
http://lists.cistron.nl/pipermail/freeradius-users/2004-April/030887.html
Hello,
Anyone who knows if and where the patch mentioned above can be. I found this
discussion thread, but I do not know where and how to find the the patch, if
available. This would solve our problem with an unresponsive user resource
management server accessed through a customised module in FreeRadius.
FreeBSD version 6.3
FreeRADIUS Version 1.1.7
Best Regards,
Joakim Bentholm
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
