We've freeradius as proxy server, and I see 2 problems: 1) When we receive an Access-Request from a client with incorrect password/invalid user, freeradius proxy sends it to the final radius and the final answer an Access-Reject very quick, but the freeradius proxy delays the answer to the client 16 seconds.
2) When we receive an Access-Request and we send it to the final radius, if the shared secret (shared by proxy and final) is incorrect, the final sends a reject to the proxy and the proxy delays the same (16 seconds) to answer the client a reject. 3) When we receive an Access-Request and we send it to the final radius, if the proxy radius is not an allowed client in the final radius, the final radius silently discard the packet, and with no answer the proxy delays 31 (#!?) seconds and send a reject to the client . Questions: + Is there any way to short this request time? Where can I configure that? Is it something about this message: "Waking up in 16 seconds..."? + Should the final radius answer when the shared secret is incorrect or discard silently the packet? Should the final radius answer when the proxy is not an allowed client or discard silently the packet? In the RFC2865 we can read (page5): "Once the RADIUS server receives the request, it validates the sending client. A request from a client for which the RADIUS server does not have a shared secret MUST be silently discarded. If the client is valid, the RADIUS server consults a database of users to find...." Mmmm, ok, I think the final radius should also discard the packet with an INCORRECT shared secret. Is that correct? Thanks. Miguel Diez - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html