reject_relay and freeradius as a daemon

Ana Gallardo Gómez Mon, 01 Oct 2007 06:01:41 -0700

- Freeradius 1.1.7
- Debian Sarge (kernel 2.6.18-5-686)
- IBM x3550

Hello!


When I run freeradius in debug mode the Access-Reject is sent after the delay 
time indicated by the reject_delay setting.

When I run freeradius as a daemos, the Access-Reject is delayed too many time 
when reject_delay > 0. If I set reject_delay to 0 and run as a daemon, there is 
no delay.

In radiusd.conf I can read:

        #  reject_delay: When sending an Access-Reject, it can be
        #  delayed for a few seconds.  This may help slow down a DoS
        #  attack.  It also helps to slow down people trying to brute-force
        #  crack a users password.
        #
        #  Setting this number to 0 means "send rejects immediately"
        #
        #  If this number is set higher than 'cleanup_delay', then the
        #  rejects will be sent at 'cleanup_delay' time, when the request
        #  is deleted from the internal cache of requests.
        #
        #  Useful ranges: 1 to 5

I have seen this thread in the mailing-list in 2004 
(http://lists.freeradius.org/mailman/htdig/freeradius-users/2004-September/035812.html),
 but  I find the same problem right  now. 

I don´t know  if the global delayed time is reject_delay + max_session_time. I 
can´t find max_session_time. Maybe reject_delay + max_request_time ?

I don´t know what can I do:

1. delay_reject = 0  
2. small max_request_time
...


Thank you and sorry for my english.



_________________________________________________________________
Prueba algunos de los nuevos servicios en línea que te ofrece Windows Live 
Ideas: tan nuevos que ni siquiera se han publicado oficialmente todavía.
http://ideas.live.com

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

reject_relay and freeradius as a daemon

Reply via email to