Hello, first of all, sorry for my english. I'm testing Freeradius 2.0.4+dfsg-6 in Debian. I want to configure proxy like this (proxy.conf):
# radiusxx authentication home_server radiusxx_auth { type = auth ipaddr = 1.2.3.4 port = 1812 secret = secret response_window = 50 zombie_period = 20 status_check = request username = "user" password = "pass" check_interval = 30 num_answers_to_alive = 3 } # radiusxx accounting home_server radiusxx_acct { type = acct ipaddr = 1.2.3.4 port = 1813 secret = secret response_window = 50 zombie_period = 20 status_check = request username = "user" password = "pass" check_interval = 30 num_answers_to_alive = 3 } # radiusyy authentication home_server radiusyy_auth { type = auth ipaddr = 1.2.3.5 port = 1812 secret = secret response_window = 50 zombie_period = 20 status_check = request username = "user" password = "pass" check_interval = 30 num_answers_to_alive = 3 } # radiusyy accounting home_server radiusyy_acct { type = acct ipaddr = 1.2.3.5 port = 1813 secret = secret response_window = 50 zombie_period = 20 status_check = request username = "user" password = "pass" check_interval = 30 num_answers_to_alive = 3 } #authentication pool home_server_pool my_auth { type = fail-over home_server = radiusxx_auth home_server = radiusyy_auth } #accounting pool home_server_pool my_acct { type = fail-over home_server = radiusxx_acct home_server = radiusyy_acct } realm myrealm.my { auth_pool = my_auth acct_pool = my_acct # nostrip } My problem is when I'm going to test failover: I stop Freeradius in xx server and I send a authentication request. Sending Access-Request of id 143 to 1.2.3.4 port 1812 User-Name = "mmmm" User-Password = "111" Calling-Station-Id = "00:11:22:33:44:55" NAS-IP-Address = 1.2.2.2 Proxy-State = 0x3238 Proxying request 0 to home server 1.2.3.4 port 1812 Sending Access-Request of id 143 to 1.2.3.4 port 1812 User-Name = "mmmm" User-Password = "111" Calling-Station-Id = "00:11:22:33:44:55" NAS-IP-Address = 1.2.2.2 Proxy-State = 0x3238 Going to the next request Waking up in 0.9 seconds. Waking up in 28.9 seconds. rad_recv: Access-Request packet from host 1.2.2.2 port 39710, id=28, length=75 Sending duplicate proxied request to home server 1.2.3.4 port 1812 - ID: 143 Sending Access-Request of id 143 to 1.2.3.4 port 1812 User-Name = "mmmm" User-Password = "111" Calling-Station-Id = "00:11:22:33:44:55" NAS-IP-Address = 1.2.2.2 Proxy-State = 0x3238 Waking up in 26.9 seconds. rad_recv: Access-Request packet from host 1.2.2.2 port 39710, id=28, length=75 Sending duplicate proxied request to home server 1.2.3.4 port 1812 - ID: 143 Sending Access-Request of id 143 to 1.2.3.4 port 1812 User-Name = "mmmm" User-Password = "111" Calling-Station-Id = "00:11:22:33:44:55" NAS-IP-Address = 1.2.2.2 Proxy-State = 0x3238 Waking up in 23.9 seconds. . . . WARNING: Marking home server 1.2.3.4 port 1812 as zombie (it looks like it is dead). After 30 seconds I always get an accept_reject the first time. But if my zombie_period = 20, don't must mark radiusxx as zombie after 20 seconds and proxy my request to radiusyy. My response_window = 50 and Freeradius must wait 50 seconds before consider the request dead. Then, when I send another authentication request: Sending Access-Request of id 129 to 1.2.3.4 port 1812 User-Name = "mmmm" User-Password = "111" Calling-Station-Id = "00:11:22:33:44:55" NAS-IP-Address = 1.2.2.2 Proxy-State = 0x31 Proxying request 1 to home server 1.2.3.4 port 1812 Sending Access-Request of id 129 to 1.2.3.4 port 1812 User-Name = "mmmm" User-Password = "111" Calling-Station-Id = "00:11:22:33:44:55" NAS-IP-Address = 1.2.2.2 Proxy-State = 0x31 Going to the next request Waking up in 0.9 seconds. Waking up in 28.9 seconds. rad_recv: Access-Request packet from host 1.2.2.2 port 59850, id=1, length=75 FAILURE: Marking home server 1.2.3.4 port 1812 as dead. Sending Access-Request of id 118 to 1.2.3.5 port 1812 User-Name = "mmmm" User-Password = "111" Calling-Station-Id = "00:11:22:33:44:55" NAS-IP-Address = 1.2.2.2 Proxy-State = 0x31 Proxying request 1 to home server 1.2.3.5 port 1812 Sending Access-Request of id 118 to 1.2.3.5 port 1812 User-Name = "mmmm" User-Password = "111" Calling-Station-Id = "00:11:22:33:44:55" NAS-IP-Address = 1.2.2.2 Proxy-State = 0x31 Waking up in 26.9 seconds. rad_recv: Access-Accept packet from host 1.2.3.5 port 1812, id=118, length=23 Proxy-State = 0x31 I don't know why Freeradius doesn't send me an acces-accept, when I send the first request, after mark radiusxx (zombie_period = 20) as zombie and proxy the request to radiusyy. Thank you and sorry for my english.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html