Antonio Modesto wrote:
> Hi,
>
> I work at an ISP in Brazil, our main radius server is running freeradius
> 1.X. I'm configuring a new server with freeradius 2.X and doing some
> tests to see if I find any problem before putting it on production. So
> far I've found a little problem that doesn't disable me to put it in
> production, but can confuse in case of a radius failure. When an
> authentication failure happens, on the nas it appears that the radius
> server is not responding, it shows a "Radius timeout" message, here is
> the output of the radius debug:

The timeouts on the NAS are set WAY too low.

> Delaying reject of request 4 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> rad_recv: Access-Request packet from host 192.168.2.100 port 35710,
> id=86, length=145
> Waiting to send Access-Reject to client teste port 35710 - ID: 86

i.e. the NAS didn't see a reply, and retransmitted.

> Waking up in 0.6 seconds.
> rad_recv: Access-Request packet from host 192.168.2.100 port 35710,
> id=86, length=145
> Waiting to send Access-Reject to client teste port 35710 - ID: 86

And retransmitted again 0.3 seconds later.

> Waking up in 0.3 seconds.
> Sending delayed reject for request 4
> Sending Access-Reject of id 86 to 192.168.2.100 port 35710

And then the server responded 0.3 seconds later.

Fix the NAS so it doesn't have *ridiculous* timeouts. RADIUS timeouts are normally in the multi-second range. Having the NAS retransmit multiple times a second is stupid, wrong, and will create problems.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
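
The log reading in the reply above, as an added example that is not part of the original message or of FreeRADIUS: a Python parser that counts the duplicates the server reports while a delayed reject is pending and estimates their spacing from the "Waking up in" timers. The sample is the quoted debug output with one entry per line; the function name and the one-pending-reject-at-a-time handling are assumptions.

```python
import re

# Constructed sample: the debug lines quoted in the message, one entry per line.
SAMPLE_DEBUG = """\
Delaying reject of request 4 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.100 port 35710, id=86, length=145
Waiting to send Access-Reject to client teste port 35710 - ID: 86
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 192.168.2.100 port 35710, id=86, length=145
Waiting to send Access-Reject to client teste port 35710 - ID: 86
Waking up in 0.3 seconds.
Sending delayed reject for request 4
Sending Access-Reject of id 86 to 192.168.2.100 port 35710
"""

DELAY = re.compile(r"Delaying reject of request \d+ for ([\d.]+) seconds")
WAKE = re.compile(r"Waking up in ([\d.]+) seconds")
# The server prints this line when a duplicate arrives for a reject it is still holding.
DUP = re.compile(r"Waiting to send Access-Reject to client (\S+) port (\d+) - ID: (\d+)")
SENT = re.compile(r"Sending Access-Reject of id \d+ to \S+ port \d+")

def summarize_reject_delay(debug_text):
    """Summarize each delayed-reject window (assumes one pending reject at a time)."""
    windows, current = [], None
    for line in debug_text.splitlines():
        if m := DELAY.search(line):
            current = {"delay": float(m[1]), "retransmits": {}, "timers": []}
            windows.append(current)
        elif current is None:
            continue
        elif m := WAKE.search(line):
            current["timers"].append(float(m[1]))
        elif m := DUP.search(line):
            key = (m[1], int(m[2]), int(m[3]))  # (client name, source port, RADIUS id)
            current["retransmits"][key] = current["retransmits"].get(key, 0) + 1
        elif SENT.search(line):
            current = None  # the reject went out, so the window is closed
    for w in windows:
        t = w.pop("timers")
        # The drop in remaining time between timer lines approximates event spacing.
        w["gaps"] = [round(a - b, 2) for a, b in zip(t, t[1:])]
    return windows

if __name__ == "__main__":
    for w in summarize_reject_delay(SAMPLE_DEBUG):
        print(w)
```

Any key with a non-zero retransmit count inside a window shorter than the configured reject delay points at a NAS whose retry timer is below that delay.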

