* Peter Nixon <[EMAIL PROTECTED]> [2003-07-11 13:42]: > Sounds like you have a problem with a statefull firewall timing out > conenctions it shouldn't. Fix the firewall.
close, but not quite it ;) it's true, the firewall is the problem, but this firewall doesn't even _have_ stateful inspection..! the real problem is the way oracle connections work. for some time the server answers the client using the original source + destination ports. then they negociate new ports and move the connections there to free resources for new clients basically (at least that's how i understand it). that's when the connections from my freeradius machine to the oracle cluster die. in order for this to work the firewall would have to "understand" the oracle client <--> server communications, and adapt the rules on the fly (sorta like with ftp). or you could allow all tcp connections between the client + the server (not a very good idea...) so, just for the reference: freeradius + oracle works perfectly. no need for a patch or anything - sorry i wasted your time. it was one of the more difficult things to trouble-shoot (no rac cluster in our testlab, that would be a *little* bit too expensive...) thank you again very much for your help! this list has been way more useful than most commercial support i've been working with. also freeradius has proven to be much more flexible and a LOT more stable than any other radius i've used so far. is there actually a way to give donations to this project? i couldn't find anything at http://www.freeradius.org/ about this. you can't imagine how much money my company has been saving with this setup, _plus_ we got more functionality through freeradius. thank y'all very much!! so long, randy 250000+ users in ldap + oracle (dial-up, hscsd (gsm), gprs, wlan) redhat 7.3 250+ days with zero downtime keep up the good work! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
