Jan Zacharias wrote: > Alan DeKok <al...@deployingradius.com> hat am 1. September 2010 um 15:46 > geschrieben: >> Yes. Any child script which takes that long is broken. > > No, it can also be just someone pulling a network cord/routing changes > etc.etc.
Let me be clear: RADIUS clients and servers expect responses within a short time frame, usually milliseconds. Asking clients to wait many seconds for a slow script on the server is *impossible*. Many clients will give up, and reject the user. i.e. the RADIUS client doesn't care *why* the script is taking too long. All it knows is that the user can't log in. Please explain to your users >> - fork ntlm_auth >> - wait 1s for it to return >> - if it doesn't return, kill it >> - try to fork it again > > Yeah sure, this was also my first idea, but i'm still limited to ten > seconds then :( So... set the "don't wait" flag on the executed program. See the documentation for the "exec" module, or the "Exec-Program" attribute. >> This isn't a server problem, and changing the server isn't necessary. > > Sure it's not a problem, but it would improve reliability and robustness. No, it would not improve reliability and robustness. Adding more > This is not about finger pointing or so, I just want to help make > freerad even better :) Yes... but we try not to re-invent the wheel. If you can add a feature by writing a few lines of a shell script, there is little reason to update the server source with that feature. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html