> Message: 2
> Date: Tue, 20 Mar 2007 12:30:47 +0100
> From: Alan DeKok <[EMAIL PROTECTED]>
> Subject: Re: Proxying Eap Requests in round robbin.
> To: FreeRadius users mailing list <firstname.lastname@example.org>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Arran Cudbard-Bell wrote:
>
>> What's happening if the first round of authentication will go to
>> radius1.uscs.susx.ac.uk
>>
>> Second will go to radius2.uscs.susx.ac.uk, but the second doesn't know
>> about the previous request and bails out with.
>
> Round robin && EAP don't work together very well.
>
>> So firstly is EAP proxying actually possible?
>
> Yes. Many people are using it. Round-robin, on the other hand, isn't
> currently possible. It would require additional code in the server.
>
> It's not hard, but it hasn't been done yet.
>
>> Secondly is there something really stupid I've missed?
>
> Nope.
>
>> There are two ways I can see this working, either the proxy server
>> directs all the authentication rounds for one session to one proxy
>> server. Or the eap module on either backend instance figures out what
>> the previous part of the conversation was.
>
> If it's proxying, the EAP module isn't being used.
>
>> Also I noticed this entry in eap.conf
>>
>> # A list is maintained to correlate EAP-Response
>> # packets with EAP-Request packets. After a
>> # configurable length of time, entries in the list
>> # expire, and are deleted.
>> #
>> timer_expire = 60
>>
>> Anyone know where this list actually exists?
>> If it's just in memory or an actual file?
>
> It's in the EAP module. And it's only used when the server is doing
> the EAP authentication.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog

Damn, so there's no way to do load balancing with radius packets containing EAP attributes?

Completely different topic, but is it normal for FreeRADIUS to authorize the user in each round of authentication? Can it not cache the credentials from the LDAP / SQL database? Or is it doing that already transparently?

Thank you very much for your quick response anyway, saved me hours of head scratching.

Regards,
Arran

--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication Authorisation & Accounting Officer
Infrastructure Services | ENG1 FF08 EXT:3900

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
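Added example, not part of the thread and not FreeRADIUS code: a toy proxy showing why per-packet round-robin breaks a multi-round EAP conversation whose state sits in one backend's in-memory list, while hashing an attribute that is constant for the conversation keeps every round on the same server. The server names, the three-round exchange, the State value format and the choice of Calling-Station-Id as the key are assumptions.

```python
import hashlib
import itertools

SERVERS = ["radius1", "radius2"]   # constructed backend names
TIMER_EXPIRE = 60                  # seconds, value from the quoted eap.conf

class Backend:
    """Toy EAP-terminating server with its own in-memory session list."""
    def __init__(self, name):
        self.name, self.sessions, self.seq = name, {}, 0

    def handle(self, pkt, now):
        # Drop entries older than TIMER_EXPIRE before looking anything up.
        self.sessions = {s: v for s, v in self.sessions.items()
                         if now - v[1] < TIMER_EXPIRE}
        state = pkt.get("State")
        if state is None:                  # first round: open a session
            self.seq += 1
            state = f"{self.name}-{self.seq}"
            self.sessions[state] = (1, now)
            return {"code": "Access-Challenge", "State": state}
        if state not in self.sessions:     # started elsewhere, or expired
            return {"code": "Access-Reject"}
        rounds = self.sessions[state][0] + 1
        if rounds == 3:                    # assumption: EAP completes in 3 rounds
            del self.sessions[state]
            return {"code": "Access-Accept"}
        self.sessions[state] = (rounds, now)
        return {"code": "Access-Challenge", "State": state}

def round_robin():
    nxt = itertools.cycle(SERVERS)
    return lambda pkt: next(nxt)           # ignores the packet entirely

def sticky(pkt):
    # Key on an attribute that is the same in every round of one conversation.
    digest = hashlib.sha256(pkt["Calling-Station-Id"].encode()).digest()
    return SERVERS[int.from_bytes(digest[:4], "big") % len(SERVERS)]

def authenticate(pick, station):
    # Run one conversation through the proxy; return (result, servers used).
    backends = {n: Backend(n) for n in SERVERS}
    pkt, path = {"Calling-Station-Id": station}, []
    for now in range(10):
        path.append(pick(pkt))
        reply = backends[path[-1]].handle(pkt, now)
        if reply["code"] != "Access-Challenge":
            return reply["code"], path
        pkt = {"Calling-Station-Id": station, "State": reply["State"]}
    return "no-result", path
```

Calling `authenticate(round_robin(), ...)` is rejected on the second round because the second server has no entry for the State it receives; `authenticate(sticky, ...)` completes on a single server.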