On 13 Oct 2011, at 19:47, Mike Diggins wrote: > > On Tue, 4 Oct 2011, Mike Diggins wrote: > >> >> I'm running FreeRadius 2.1.3 on RedHat Enterprise Linux configured as an >> Eduroam Radius proxy server. My Cisco Wireless Lan Controllers are >> constantly failing over the Accounting Servers, due to lack of response from >> the Home Servers, or so says the log. However, I believe the issue is that >> some remote institutions Radius Servers are ignoring the Accounting packets, >> and timing out my end, making it believe the Home Servers have failed to >> respond. FreeRadius responds by marking the Home server dead. It then sends >> a status-server query, to which is gets a reply, and enables the Dead Home >> server. I believe that's the sequence of events anyway. I captured some of >> that in debug mode: >> >> Rejecting request 288 due to lack of any response from home server x.x.x.x >> port 1813 >> >> Finished request 288. >> >> Cleaning up request 288 ID 205 with timestamp +1161 >> >> PROXY: Marking home server x.x.x.x port 1813 as zombie (it looks like it is >> dead). >> >> Sending Status-Server of id 55 to x.x.x.x port 1813 >> Message-Authenticator := 0x00000000000000000000000000000000 >> NAS-Identifier := "Status Check. Are you alive?" >> Waking up in 3.9 seconds. >> >> rad_recv: Access-Accept packet from host x.x.x.x port 1813, id=55, length=806 >> >> I don't have any control over Accounting Packets being accepted, or not, by >> other Eduroam members. Some do, some don't I imagine. Is there a >> configuration for FreeRadius that handles this situation cleanly? Seems to >> me that FR should check the Home server first, before marking it dead (at >> least). > > Accounting feature on the WLAN controllers (for now), I noticed that a > similar failure is a happening on the Authentication side. Some > authentication requests proxied to other radius servers (via Eduroam) are > either failing or taking a long time to respond, which also causes my > FreeRadius to mark the Home Server as DOWN. That also seems to cause a chain > reaction of backed up requests, causing my WLAN controllers to failover the > radius server.
Are you using status-server? It should figure out the home server is back up pretty quickly, in fact it should never mark it dead at all (see below).
PastedGraphic-1.pdf
Description: Adobe PDF document
Yes i'm going to the special kind of hell for people who post images to public lists... Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
