"Thor Spruyt" <[EMAIL PROTECTED]> wrote:It's a pitty, but radrelay can't be used for proxied packets. Reason is that if the packets are relayed to the backup server, the backup doesn't know it has already been proxied and will thus proxy it again. The homeserver should only receive the packet once of course!
Can you suggest a fix?
Well... I've given it some thinking and guess what...
Suppose you have a realm with 2 homeservers for redundancy:
realm NULL {
type = radius
authhost = 10.10.10.10:1812
accthost = 10.10.10.10:1813
secret = testing123
}
realm NULL {
type = radius
authhost = 20.20.20.20:1812
accthost = 20.20.20.20:1813
secret = testing123
}Suppose the primary server receives an acct packets, and proxies it to 20.20.20.20:1813
Then Freeradius-Proxied-To = 20.20.20.20 will be added in the detail file and relayed to the backup server.
Then the backup server will compare 20.20.20.20 with 10.10.10.10 and will again proxy the packet to the homeserver (10.10.10.10).
Suggested solution 1: let the primary server add multiple Freeradius-Proxied-To attributes (one for each server configured for that realm)
Suggested solution 2: let the backup server check the Freeradius-Proxied-To attribute against all servers configured for that realm
Suggested solution 3: add a Freeradius-Proxied-Realm attribute, which the backup server could check against
-- Regards,
Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com M: +32 (0)475 67 22 65 Bestel nu uw exemplaar van Operationele verkoop (Walter Spruyt - Liesbeth Huysmans) via www.salesguide.be Ontdek de Telenet Hotspot service op www.telenet.be/hotspots
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
