On 27.11.2014 14.03, Patrik Forsberg wrote: > I see.. I have a cause for the duplicates I think. > It seems like the configuration I'm using is never sending a reject back to > the "external" proxys and I'm guessing that causes them to try again until > they timeout the request ?
Thanks for the update. Yes, this can escalate back to the request originator, for example WLAN controller, which may then switch to another RADIUS server because it is getting no reponses from its current RADIUS server. > It seems like if I add a Authby internal with a default reply of reject this > causes most of my duplicates to vanish.. Yes, this is a good idea. If the same happens to accounting requests, you can ignore them otherwise but use AuthBy INTERNAL to generate an accounting response. This is also to keep the other server and the NAS from retransmitting or switching servers. > I'm using a AuthBy Group that has ContinueUntilAccept set and even when a > user gets rejected it simply continues.. which would be the natural thing > with ContinueUntilAccept but this also causes the rejected login to become > "ignored" in the end.. > So an internal authby with default reject should remedy this I guess.. Yes. I recommend a default handler (simply <Handler> as the last Handler in the configuration file), which rejects all authentication requests and accepts accounting requests. It's not possible to reject authentication, so they should be just accepted. It might also be a good idea to have an AuthLog and/or AcctLogFileName in the default Handler when all requests should be handled by the other Handlers. This helps to see if there are any configuration mistakes that cause requests to miss the other Handlers. Thanks, Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
