Phil Mayers wrote: > Ooh, really? What solution did you hit on? Cache reply by "State".
authorize { cached_reply ... } post-auth { ... cached_reply } It returns "handled" in the "authorize" section if it finds a matching State. On authorize it does: if (cache[request State]) { send cached reply attrs handled } On post-auth it does: cache[request State] = 0 cache[reply State] = reply attrs It should work, I think. So if you have an intermediate proxy fail, the RADIUS re-transmit won't hit. But this will catch the retransmitted packet, which has the same State as a previous reply. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html