I just found a PIX that kicks out the following auth:
User-Name = "bozo"
NAS-IP-Address = 10.1.1.1
User-Password = "krusty"
NAS-Port = 103
Cisco-AVPair = "ip:source-ip=10.1.1.2"
To which freeradius does not respond until *after* the pix sends the
first retry packet. The delay is always until the first retry;
regardless if whatever I set the pix retry timer. Nor is it affected by
the cleanup_delay or reject_delay. However, the last retry is eventually
responded to after the 30 second max_request_time. The pix is only
collecting timeouts on the aaa-server scoreboard.
The problem goes away if radiusd is put in single process mode. Platform
is Fedora Core and this is reproducible with their RPMs as well as
pristine freeradius 1.1.
../C
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
