Nicolas Baradakis wrote: > I see one advantage to use Access-Request "pings": I can test both the > RADIUS server and the MySQL backend with a single check.
Yes. > A FreeRADIUS proxy uses real users to ping the RADIUS servers, and > that's troublesome for the reasons outlined in your draft. Keepalived > deals with the problem differently: you can setup a special account to > run the monitor checks. Therefore you don't really care whether the > statistics of the user [EMAIL PROTECTED] are wrong. That's for strictly local testing. I would suggest allowing this only from localhost, or with certain VSA's that will never come in a RADIUS packet. I'll add a paragraph about this situation. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
