You're right, it worked. The default mikrotik timeout is 300ms, I've set it to 5000 ms and I've got the right answer. One more question, Though I'll reconfigure all the timeout's on my nas'es, why doesn't this problem happen with freeradius 1.X? Is that normal? Or is it something that's causing my freeradius 2.x to take longer to reply the requests
2012/8/7 Alan DeKok <[email protected]> > Antonio Modesto wrote: > > Hi, > > > > I work at an ISP in Brazil, our main radius server is running freeradius > > 1.X. I'm configuring a new server with freeradius 2.X and doing some > > tests to see if I find any problem before putting it on production. So > > far I've found a little problem that doesn't disable me to put it in > > production, but can confuse in case of a radius failure. When an > > authentication failure happens, on the nas it appears that the radius > > server is not responding, it shows a "Radius timeout" message, here is > > the output of the radius debug: > > The timeouts on the NAS are set WAY too low. > > > Delaying reject of request 4 for 1 seconds > > Going to the next request > > Waking up in 0.9 seconds. > > rad_recv: Access-Request packet from host 192.168.2.100 port 35710, > > id=86, length=145 > > Waiting to send Access-Reject to client teste port 35710 - ID: 86 > > i.e. the NAS didn't see a reply, and retransmitted. > > > Waking up in 0.6 seconds. > > rad_recv: Access-Request packet from host 192.168.2.100 port 35710, > > id=86, length=145 > > Waiting to send Access-Reject to client teste port 35710 - ID: 86 > > And retransmitted again 0.3 seconds later. > > > Waking up in 0.3 seconds. > > Sending delayed reject for request 4 > > Sending Access-Reject of id 86 to 192.168.2.100 port 35710 > > And then the server responded 0.3 seconds later. > > Fix the NAS so it doesn't have *ridiculous* timeouts. RADIUS timeouts > are normally in the multi-second range. Having the NAS retransmit > multiple times a second is stupid, wrong, and will create problems. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- Atenciosamente, * Antônio Modesto Gerente de TI* Praça Getúlio Vargas, 77 – Sala 308 – Centro Santo Antônio do Monte – MG – CEP: 35560-000 Tel:(37) 3281-2800 Contato: [email protected] http://www.isimples.com.br Aviso:Esta mensagem e quaisquer arquivos em anexo podem conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, por favor, não leia, copie, repasse, imprima, guarde, nem tome qualquer ação baseada nessas informações. Notifique o remetente imediatamente por e-mail e apague a mensagem permanentemente. Atenção: embora a Isimples Telecom, tome seus cuidados para garantir a ausência de vírus neste e-mail, a empresa não se responsabiliza por quaisquer perdas ou danos decorrentes do uso da mensagem e seus anexos. A segurança e ausência de erros na transmissão do e-mail não podem ser garantidas, já que as informações podem ser interceptadas, corrompidas, perdidas, destruídas, atrasadas, chegarem incompletas, ou, ainda, conter vírus. Recomendamos checar se o e-mail e seus anexos contém vírus, uma vez que nem a Isimples Telecom ou o remetente se responsabilizam pela transmissão destes.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
