Peter Eriksson wrote: > The default setting seems to be less than optimal since if a remote site > have problems with their home RADIUS servers then we risk having our > local servers mark the upstream servers as "dead" since it's not > receiving answers for a specific 'realm'...
That's been a bit of a problem in RADIUS proxying. The specification says that serves MUST answer Access-Requests. But some implementations don't do that when they're proxying. This causes all sorts of problems. > Perhaps increase the 'response_window', > and lower 'zombie_period' and 'revive_interval' > and 'check_interval' values... If you're using "status-server", then "revive_interval" isn't used. > Best would probably be if FreeRadius kept a > separate timeout for each 'server/realm' tuple... Ugh. That's adding complexity to work around bugs in other RADIUS servers, IMHO. Rather than keeping track of N realms && M home servers, it now has to keep track of (N x M) combinations. That's expensive. Still, if someone sends a patch, I'll look at it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
