Bug with dead_time and max_request_time?

Thu, 02 Dec 2004 03:29:40 -0800 

Hello,

Using freeradius 1.0.1 under Fedora core 2 I am having a problem with
the dead_time value in proxy.conf and the max_request_time in
radiusd.conf. I want to set the DEFAULT realm to point to two different
servers, so I have configured in proxy.conf DEFAULT twice, using fail
over mode rather than round-robin, on the local radius server.

The problem is that if the first server fails and the local server
receives a request then it tries to talk to the first DEFAULT server and
fails, eventually marking it as 'dead'. This is fine but the local
server also sends back to the client a reject rather than trying the
second DEFAULT server. The log shows:

  Re-sending Access-Request of id 0 to 10.163.6.23:1812
          Service-Type = Framed-User
          Framed-Protocol = PPP
          User-Name = "[EMAIL PROTECTED]"
          MS-CHAP-Challenge = 0xa58d80700b501a771921d8dd745770c4
          MS-CHAP2-Response =
0x4400d15375e1af2ec3c157257b228b1d5835000000000000000024bd525a997218b69fc9d32db2765352790fb196d83c39c1
          NAS-IP-Address = 10.163.13.2
          NAS-Port = 0
          Client-IP-Address = 127.0.0.1
          Realm = "DEFAULT"
          Realm = "DEFAULT"
          Proxy-State = 0x323335
  Waking up in 5 seconds...
  --- Walking the entire request list ---
  Server rejecting request 0.
  marking authentication server abc.plymouth.ac.uk:1812 for realm
DEFAULT dead
  Waking up in 0 seconds...
  --- Walking the entire request list ---
  Sending Access-Reject of id 235 to 127.0.0.1:32780
          MS-MPPE-Encryption-Policy = 0x00000002
          MS-MPPE-Encryption-Types = 0x00000006
  Cleaning up request 0 ID 235 with timestamp 41aef951
  Nothing to do.  Sleeping until we see a request.

As can be seen the first server is correctly marked dead but then a
reject is sent rather than trying the second server. I have changed the 
max_request_time to 60 in radiusd.conf, and using the default values of
proxy.conf (retry_delay = 5, retry_count = 3) this should be more than
enough time to try the second server, but a reject is still sent.

Is this a bug?



Thanks,

John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]       Fax: +44 (0)1752 233839


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to