radius timeout
Hi all I have freeradius-1.0.1-1 (with Petr Nixon's patch) running on FC-3 and using a postgresql backend to collect cisco AAA (stop only) records. My cisco IOS is 12.3(2)T2. I see a lot of radius timeout on my cisco router while the ping times is < 10ms and my radius timeout is set to 50. I even went further to connect the radius server and the router back to back with a cross cable and still have some timeouts. What could be wrong with my configs? Any help will be appreciated. Thank you. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius timeout
Callis wrote: > I see a lot of radius timeout on my cisco router while the > ping times is < 10ms and my radius timeout is set to 50. Is there any error message in file "radius.log" ? -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius timeout
Below is the logs on my cisco router as well as the radius server. = PRI-CAN-GW1#sh radi stat Auth. Acct. Both Maximum inQ length: NA NA 20 Maximum waitQ length: NA NA 457 Maximum doneQ length: NA NA 4 Total responses seen: 0 38384 38384 Packets with responses: 0 38384 38384 Packets without responses: 0 146768 146768 Average response delay(ms): 0516 516 Maximum response delay(ms): 0 57760 57760 Number of Radius timeouts: 0 293969 293966 Duplicate ID detects: 0 0 0 Buffer Allocation Failures: 0 0 0 Maximum Buffer Size (bytes): 0 1409 1409 Source Port Range: (full range) 21645 - 21844 Last used Source Port/Identifier: 21685/242 Elapsed time since counters last cleared: 3d13h36m = radius.log ==start Thu Sep 8 16:55:14 2005 : Error: rlm_sql (pgsql-voip): failed after re-connect Thu Sep 8 16:55:14 2005 : Error: rlm_sql (pgsql-voip): Couldn't update SQL accounting STOP record - ERROR: duplicate key violates unique constraint "stoptelephonycombo" Thu Sep 8 16:55:14 2005 : Error: rlm_sql (pgsql-voip): failed after re-connect Thu Sep 8 16:55:14 2005 : Error: rlm_sql (pgsql-voip): Couldn't update SQL accounting STOP record - ERROR: duplicate key violates unique constraint "stoptelephonycombo" Thu Sep 8 16:55:14 2005 : Error: rlm_sql (pgsql-voip): failed after re-connect Thu Sep 8 16:55:14 2005 : Error: rlm_sql (pgsql-voip): Couldn't update SQL accounting STOP record - ERROR: duplicate key violates unique constraint "stoptelephonycombo" ===stop The duplicate records increase to the extent that it sometimes kills my radius server. What could be the cause of the timeout. On Thu, 8 Sep 2005 15:27:34 +0200 Nicolas Baradakis <[EMAIL PROTECTED]> wrote: Callis wrote: I see a lot of radius timeout on my cisco router while the ping times is < 10ms and my radius timeout is set to 50. Is there any error message in file "radius.log" ? -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius timeout
how connections to the database do you have in your pgsql-voip.conf? --- Callis <[EMAIL PROTECTED]> wrote: > Below is the logs on my cisco router as well as the > radius > server. > = > PRI-CAN-GW1#sh radi stat >Auth. Acct. > Both > Maximum inQ length: NA NA > 20 > Maximum waitQ length: NA NA >457 > Maximum doneQ length: NA NA > 4 > Total responses seen: 0 38384 > 38384 > Packets with responses: 0 38384 > 38384 >Packets without responses: 0 146768 > 146768 > Average response delay(ms): 0516 >516 > Maximum response delay(ms): 0 57760 > 57760 >Number of Radius timeouts: 0 293969 > 293966 > Duplicate ID detects: 0 0 > 0 > Buffer Allocation Failures: 0 0 > 0 > Maximum Buffer Size (bytes): 0 1409 > 1409 > Source Port Range: (full range) > 21645 - 21844 > Last used Source Port/Identifier: > 21685/242 > >Elapsed time since counters last cleared: > 3d13h36m > > = > radius.log > ==start > > Thu Sep 8 16:55:14 2005 : Error: rlm_sql > (pgsql-voip): > failed after re-connect > Thu Sep 8 16:55:14 2005 : Error: rlm_sql > (pgsql-voip): > Couldn't update SQL accounting STOP record - ERROR: > duplicate key violates unique constraint > "stoptelephonycombo" > Thu Sep 8 16:55:14 2005 : Error: rlm_sql > (pgsql-voip): > failed after re-connect > Thu Sep 8 16:55:14 2005 : Error: rlm_sql > (pgsql-voip): > Couldn't update SQL accounting STOP record - ERROR: > duplicate key violates unique constraint > "stoptelephonycombo" > Thu Sep 8 16:55:14 2005 : Error: rlm_sql > (pgsql-voip): > failed after re-connect > Thu Sep 8 16:55:14 2005 : Error: rlm_sql > (pgsql-voip): > Couldn't update SQL accounting STOP record - ERROR: > duplicate key violates unique constraint > "stoptelephonycombo" > > ===stop > The duplicate records increase to the extent that it > > sometimes kills my radius server. What could be the > cause > of the timeout. > > On Thu, 8 Sep 2005 15:27:34 +0200 > Nicolas Baradakis <[EMAIL PROTECTED]> wrote: > > >Callis wrote: > > > >> I see a lot of radius timeout on my cisco router > while > >>the > >> ping times is < 10ms and my radius timeout is set > to 50. > > > >Is there any error message in file "radius.log" ? > > > >-- > >Nicolas Baradakis > > > >- > >List info/subscribe/unsubscribe? See > >http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > __ Click here to donate to the Hurricane Katrina relief effort. http://store.yahoo.com/redcross-donate3/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius Timeout instead of Access-Reject
Hi,
I work at an ISP in Brazil, our main radius server is running freeradius
1.X. I'm configuring a new server with freeradius 2.X and doing some tests
to see if I find any problem before putting it on production. So far I've
found a little problem that doesn't disable me to put it in production, but
can confuse in case of a radius failure. When an authentication failure
happens, on the nas it appears that the radius server is not responding, it
shows a "Radius timeout" message, here is the output of the radius debug:
rad_recv: Access-Request packet from host 192.168.2.100 port 35710, id=86,
length=145
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 124
NAS-Port-Type = Ethernet
User-Name = "modesto"
Calling-Station-Id = "BC:AE:C5:9C:87:C5"
Called-Station-Id = "isimples"
NAS-Port-Id = "LAN"
CHAP-Challenge = 0x246ed4d8e9cffc10c7c5120963c5d990
CHAP-Password = 0x0134931ed7c1c7fda0493d9663d658e789
NAS-Identifier = "REDE_ISIMPLES"
NAS-IP-Address = 192.168.2.100
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "modesto", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql] expand: %{User-Name} -> modesto
[sql] sql_set_user escaped user --> 'modesto'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = '%{SQL-User-Name}' AND ativo='S'
ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'modesto' AND ativo='S' ORDER BY
id
[sql] expand: SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE
UserName='modesto'
rlm_sql (sql): Released sql socket id: 0
[sql] User modesto not found
++[sql] returns notfound
sql_xlat
expand: %{User-Name} -> modesto
sql_set_user escaped user --> 'modesto'
expand: SELECT nas_pool_name FROM naspool WHERE
nas_ip=INET_ATON('%{NAS-IP-Address}') -> SELECT nas_pool_name FROM naspool
WHERE nas_ip=INET_ATON('192.168.2.100')
rlm_sql (sql): Reserving sql socket id: 4
SQL query did not return any results
rlm_sql (sql): Released sql socket id: 4
expand: %{sql: SELECT nas_pool_name FROM naspool WHERE
nas_ip=INET_ATON('%{NAS-IP-Address}')} ->
++[control] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "modesto" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.
Login incorrect (rlm_chap: Clear text password not available):
[modesto/] (from client teste port 124 cli BC:AE:C5:9C:87:C5)
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> modesto
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 4 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.100 port 35710, id=86,
length=145
Waiting to send Access-Reject to client teste port 35710 - ID: 86
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 192.168.2.100 port 35710, id=86,
length=145
Waiting to send Access-Reject to client teste port 35710 - ID: 86
Waking up in 0.3 seconds.
Sending delayed reject for request 4
Sending Access-Reject of id 86 to 192.168.2.100 port 35710
Waking up in 4.9 seconds.
Cleaning up request 4 ID 86 with timestamp +41
Ready to process requests.
**
The freeradius server is running on a FreeBSD 9-STABLE Jail, there is no
firewall rules in the middle that could prevent the packet from being sent.
Regards.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius timeout when rlm_ldap module fail
Hi, I've used freeradius-1.1.3-1.6.el5 with openldap backend on my old system. When OpenLDAP server was down, client requested the Freeradius doesn't get any response and then requested another radius server. Now, after upgade to freeradius-2.1.9-3.el6, the behavior has changed. When backend LDAP server is down, FreeRadius responds immediately with Reject. I've read documentation and found this: Module return codes: RLM_MODULE_FAIL: Processing of this request could not be completed. Something is not working properly. FreeRADIUS responds with a reject response. It seems like it is correct behavior, but is it possible to change it as before? When backend OpenLDAP is down, freeradius should not respond to client? Regards, rus - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Timeout instead of Access-Reject
Antonio Modesto wrote: > Hi, > > I work at an ISP in Brazil, our main radius server is running freeradius > 1.X. I'm configuring a new server with freeradius 2.X and doing some > tests to see if I find any problem before putting it on production. So > far I've found a little problem that doesn't disable me to put it in > production, but can confuse in case of a radius failure. When an > authentication failure happens, on the nas it appears that the radius > server is not responding, it shows a "Radius timeout" message, here is > the output of the radius debug: The timeouts on the NAS are set WAY too low. > Delaying reject of request 4 for 1 seconds > Going to the next request > Waking up in 0.9 seconds. > rad_recv: Access-Request packet from host 192.168.2.100 port 35710, > id=86, length=145 > Waiting to send Access-Reject to client teste port 35710 - ID: 86 i.e. the NAS didn't see a reply, and retransmitted. > Waking up in 0.6 seconds. > rad_recv: Access-Request packet from host 192.168.2.100 port 35710, > id=86, length=145 > Waiting to send Access-Reject to client teste port 35710 - ID: 86 And retransmitted again 0.3 seconds later. > Waking up in 0.3 seconds. > Sending delayed reject for request 4 > Sending Access-Reject of id 86 to 192.168.2.100 port 35710 And then the server responded 0.3 seconds later. Fix the NAS so it doesn't have *ridiculous* timeouts. RADIUS timeouts are normally in the multi-second range. Having the NAS retransmit multiple times a second is stupid, wrong, and will create problems. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Timeout instead of Access-Reject
You're right, it worked. The default mikrotik timeout is 300ms, I've set it to 5000 ms and I've got the right answer. One more question, Though I'll reconfigure all the timeout's on my nas'es, why doesn't this problem happen with freeradius 1.X? Is that normal? Or is it something that's causing my freeradius 2.x to take longer to reply the requests 2012/8/7 Alan DeKok > Antonio Modesto wrote: > > Hi, > > > > I work at an ISP in Brazil, our main radius server is running freeradius > > 1.X. I'm configuring a new server with freeradius 2.X and doing some > > tests to see if I find any problem before putting it on production. So > > far I've found a little problem that doesn't disable me to put it in > > production, but can confuse in case of a radius failure. When an > > authentication failure happens, on the nas it appears that the radius > > server is not responding, it shows a "Radius timeout" message, here is > > the output of the radius debug: > > The timeouts on the NAS are set WAY too low. > > > Delaying reject of request 4 for 1 seconds > > Going to the next request > > Waking up in 0.9 seconds. > > rad_recv: Access-Request packet from host 192.168.2.100 port 35710, > > id=86, length=145 > > Waiting to send Access-Reject to client teste port 35710 - ID: 86 > > i.e. the NAS didn't see a reply, and retransmitted. > > > Waking up in 0.6 seconds. > > rad_recv: Access-Request packet from host 192.168.2.100 port 35710, > > id=86, length=145 > > Waiting to send Access-Reject to client teste port 35710 - ID: 86 > > And retransmitted again 0.3 seconds later. > > > Waking up in 0.3 seconds. > > Sending delayed reject for request 4 > > Sending Access-Reject of id 86 to 192.168.2.100 port 35710 > > And then the server responded 0.3 seconds later. > > Fix the NAS so it doesn't have *ridiculous* timeouts. RADIUS timeouts > are normally in the multi-second range. Having the NAS retransmit > multiple times a second is stupid, wrong, and will create problems. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- Atenciosamente, * Antônio Modesto Gerente de TI* Praça Getúlio Vargas, 77 – Sala 308 – Centro Santo Antônio do Monte – MG – CEP: 35560-000 Tel:(37) 3281-2800 Contato: isimp...@isimples.com.br http://www.isimples.com.br Aviso:Esta mensagem e quaisquer arquivos em anexo podem conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, por favor, não leia, copie, repasse, imprima, guarde, nem tome qualquer ação baseada nessas informações. Notifique o remetente imediatamente por e-mail e apague a mensagem permanentemente. Atenção: embora a Isimples Telecom, tome seus cuidados para garantir a ausência de vírus neste e-mail, a empresa não se responsabiliza por quaisquer perdas ou danos decorrentes do uso da mensagem e seus anexos. A segurança e ausência de erros na transmissão do e-mail não podem ser garantidas, já que as informações podem ser interceptadas, corrompidas, perdidas, destruídas, atrasadas, chegarem incompletas, ou, ainda, conter vírus. Recomendamos checar se o e-mail e seus anexos contém vírus, uma vez que nem a Isimples Telecom ou o remetente se responsabilizam pela transmissão destes. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Timeout instead of Access-Reject
Hi, there's reject_delay in radiusd.conf It is typcially set to one second to prevent some attacks. You could set it to zero and then the reject may come through faster. Still, 300 ms is *really* low even for that - depending on the time your auth backend needs to even determine whether it was success or failure may take longer than that. Stefan On 07.08.2012 20:55, Antonio Modesto wrote: > You're right, it worked. The default mikrotik timeout is 300ms, I've set > it to 5000 ms and I've got the right answer. One more question, Though > I'll reconfigure all the timeout's on my nas'es, why doesn't this > problem happen with freeradius 1.X? Is that normal? Or is it something > that's causing my freeradius 2.x to take longer to reply the requests > > 2012/8/7 Alan DeKok <mailto:al...@deployingradius.com>> > > Antonio Modesto wrote: > > Hi, > > > > I work at an ISP in Brazil, our main radius server is running > freeradius > > 1.X. I'm configuring a new server with freeradius 2.X and doing some > > tests to see if I find any problem before putting it on production. So > > far I've found a little problem that doesn't disable me to put it in > > production, but can confuse in case of a radius failure. When an > > authentication failure happens, on the nas it appears that the radius > > server is not responding, it shows a "Radius timeout" message, here is > > the output of the radius debug: > > The timeouts on the NAS are set WAY too low. > > > Delaying reject of request 4 for 1 seconds > > Going to the next request > > Waking up in 0.9 seconds. > > rad_recv: Access-Request packet from host 192.168.2.100 port 35710, > > id=86, length=145 > > Waiting to send Access-Reject to client teste port 35710 - ID: 86 > > i.e. the NAS didn't see a reply, and retransmitted. > > > Waking up in 0.6 seconds. > > rad_recv: Access-Request packet from host 192.168.2.100 port 35710, > > id=86, length=145 > > Waiting to send Access-Reject to client teste port 35710 - ID: 86 > > And retransmitted again 0.3 seconds later. > > > Waking up in 0.3 seconds. > > Sending delayed reject for request 4 > > Sending Access-Reject of id 86 to 192.168.2.100 port 35710 > > And then the server responded 0.3 seconds later. > > Fix the NAS so it doesn't have *ridiculous* timeouts. RADIUS timeouts > are normally in the multi-second range. Having the NAS retransmit > multiple times a second is stupid, wrong, and will create problems. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > -- > Atenciosamente, > * > Antônio Modesto > > Gerente de TI* > > > > > > Praça Getúlio Vargas, 77 – Sala 308 – Centro > > Santo Antônio do Monte – MG – CEP: 35560-000 > Tel:(37) 3281-2800 > > Contato: isimp...@isimples.com.br <mailto:isimp...@isimples.com.br> > http://www.isimples.com.br > > > Aviso:Esta mensagem e quaisquer arquivos em anexo podem conter > informações confidenciais e/ou > > privilegiadas. Se você não for o destinatário ou a pessoa autorizada a > receber esta mensagem, por favor, não > > leia, copie, repasse, imprima, guarde, nem tome qualquer ação baseada > nessas informações. Notifique o > > remetente imediatamente por e-mail e apague a mensagem permanentemente. > Atenção: embora a Isimples > > Telecom, tome seus cuidados para garantir a ausência de vírus neste > e-mail, a empresa não se responsabiliza > > por quaisquer perdas ou danos decorrentes do uso da mensagem e seus > anexos. A segurança e ausência de > > erros na transmissão do e-mail não podem ser garantidas, já que as > informações podem ser interceptadas, > > corrompidas, perdidas, destruídas, atrasadas, chegarem incompletas, ou, > ainda, conter vírus. Recomendamos > > checar se o e-mail e seus anexos contém vírus, uma vez que nem a > Isimples Telecom ou o remetente se > > responsabilizam pela transmissão destes. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 signature.asc Description: OpenPGP digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius timeout when rlm_ldap module fail
rss ln wrote: > It seems like it is correct behavior, but is it possible to change it > as before? When backend OpenLDAP is down, freeradius should not > respond to client? Read raddb/policy.conf. Look for "do_not_respond" Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius timeout when rlm_ldap module fail
> Read raddb/policy.conf. Look for "do_not_respond"
Hello Alan,
Thank you, it solved the issue. I'm just not sure if I've implemented
it in right way:
authorize {
ldap {
# I don't understand next line:
fail = 1
}
if (fail) {
do_not_respond
}
.
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius timeout when rlm_ldap module fail
rss ln wrote: > Thank you, it solved the issue. I'm just not sure if I've implemented > it in right way: If it works, don't worry about it. If you want to continue worrying, read "man unlang" Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius timeout when rlm_ldap module fail
> authorize {
>...
> ldap {
> # I don't understand next line:
> fail = 1
> }
> if (fail) {
> do_not_respond
> }
> ...
> }
Hi,
just for someone who will search answer later:
finally I found the explanation in http://wiki.freeradius.org/Fail-over :
'The "fail = 1" entry tells the server to remember the "fail" code,
with priority "1". The normal configuration is "fail = return", which
means "if the detail module fails, stop processing the authorize
section".'
rus
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[Help] - How To configure Radius timeout / count retries
Hi All, Let say for example in our Wireless AP (access point) we can put 2 Radius server in sequence, radiusA and radiusB. I know the AP will eventually look at the 1st server, and if its not available (let say server is down) then it will go to the 2nd radius server (I only assume this). So is there any way in Radius conf we can set the retries or timeout, so for example after failed for 2 times (no matter what is the error is) it will goes to the other radius server? Thanks Danny -- Best Regards, Danny - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] - How To configure Radius timeout / count retries
> Let say for example in our Wireless AP (access point) we can put 2 Radius > server in sequence, radiusA and radiusB. I know the AP will eventually look > at the 1st server, and if its not available (let say server is down) then it > will go to the 2nd radius server (I only assume this). > > So is there any way in Radius conf we can set the retries or timeout, so for > example after failed for 2 times (no matter what is the error is) it will > goes to the other radius server? You're asking whether you can configure FreeRADIUS to inform the access point that it should fail over to another server server after a given number of timeouts/retries? Or are you talking about failing over between upstream proxy servers? -Arran Arran Cudbard-Bell FreeRADIUS dev team - Maintainer Please contribute documentation: http://wiki.freeradius.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] - How To configure Radius timeout / count retries
Hello, This is what i want to do : "You're asking whether you can configure FreeRADIUS to inform the access point that it should fail over to another server server after a given number of timeouts/retries? " Thanks Danny -- Best Regards, Danny - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] - How To configure Radius timeout / count retries
Out of topic : All, btw how can i make sure that when i reply in this mailing list it appears after the previous post ? I dont receieve any of your reply in my email and i have to go to the archive list to reply this. Thanks -- Best Regards, Danny - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] - How To configure Radius timeout / count retries
On 1 Mar 2013, at 00:20, Danny Kurniawan wrote: > Out of topic : All, btw how can i make sure that when i reply in this mailing > list it appears after the previous post ? I dont receieve any of your reply > in my email and i have to go to the archive list to reply this. I'm not sure what you're asking... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] - How To configure Radius timeout / count retries
On 1 Mar 2013, at 00:19, Danny Kurniawan wrote: > Hello, > > This is what i want to do : > > "You're asking whether you can configure FreeRADIUS to inform the access > point that it should fail over to another server server after a given number > of timeouts/retries? " You can't. You configure that directly on the Access Point via the CLI/GUI or SNMP. The RADIUS protocol isn't used to transport server definitions or failover behaviour. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] - How To configure Radius timeout / count retries
No worries, i receive this mailing list on my email now.. OK, so i also understand that we can only configure that from the AP side. But unfortunately we cant find that in the Meraki AP ... let me check with our vendor on it. Thanks Danny On Fri, Mar 1, 2013 at 2:26 PM, Arran Cudbard-Bell < a.cudba...@freeradius.org> wrote: > > On 1 Mar 2013, at 00:20, Danny Kurniawan < > danny.kurnia...@fairchildsemi.com> wrote: > > > Out of topic : All, btw how can i make sure that when i reply in this > mailing list it appears after the previous post ? I dont receieve any of > your reply in my email and i have to go to the archive list to reply this. > > I'm not sure what you're asking... > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- Best Regards, Danny - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] - How To configure Radius timeout / count retries
Arran, >* Let say for example in our Wireless AP (access point) we can put 2 Radius >server in sequence, radiusA and radiusB. I know the AP will eventually look at >the 1st server, and if its not available (let say server is down) then it will >go to the 2nd radius server (I only assume this). *>* *>* So is there any way >in Radius conf we can set the retries or timeout, so for example after failed >for 2 times (no matter what is the error is) it will goes to the other radius >server? * You're asking whether you can configure FreeRADIUS to inform the access point that it should fail over to another server server after a given number of timeouts/retries? Or are you talking about failing over between upstream proxy servers? -Arran "Or are you talking about failing over between upstream proxy servers?" Does this mean a setup of Radius load balancing? I mean a few Radius server that used by the same AP ? So from AP point of view i just need to point to the "master" Ip address of the first radius server? Thanks Danny On Fri, Mar 1, 2013 at 3:27 PM, Danny Kurniawan < danny.kurnia...@fairchildsemi.com> wrote: > No worries, i receive this mailing list on my email now.. > > OK, so i also understand that we can only configure that from the AP side. > But unfortunately we cant find that in the Meraki AP ... let me check with > our vendor on it. > > Thanks > Danny > > On Fri, Mar 1, 2013 at 2:26 PM, Arran Cudbard-Bell < > a.cudba...@freeradius.org> wrote: > >> >> On 1 Mar 2013, at 00:20, Danny Kurniawan < >> danny.kurnia...@fairchildsemi.com> wrote: >> >> > Out of topic : All, btw how can i make sure that when i reply in this >> mailing list it appears after the previous post ? I dont receieve any of >> your reply in my email and i have to go to the archive list to reply this. >> >> I'm not sure what you're asking... >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > > -- > Best Regards, > Danny > -- Best Regards, Danny - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] - How To configure Radius timeout / count retries
> > "Or are you talking about failing over between upstream proxy servers?" > > Does this mean a setup of Radius load balancing? I mean a few Radius server > that used by the same AP ? So from AP point of view i just need to point to > the "master" Ip address of the first radius server? No. That's talking about when you use FreeRADIUS to forward packets onto another RADIUS server. FreeRADIUS cannot tell the Access Point about alternative RADIUS servers in the same cluster. It's not supported by the protocol. You need to configure them manually on each Access Point. If you want redundancy try using something like VRRP or Anycast. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] - How To configure Radius timeout / count retries
Noted, thanks in advance. -Danny On Fri, Mar 1, 2013 at 11:04 PM, Arran Cudbard-Bell < a.cudba...@freeradius.org> wrote: > > > > "Or are you talking about failing over between upstream proxy servers?" > > > > Does this mean a setup of Radius load balancing? I mean a few Radius > server that used by the same AP ? So from AP point of view i just need to > point to the "master" Ip address of the first radius server? > > No. That's talking about when you use FreeRADIUS to forward packets onto > another RADIUS server. > > FreeRADIUS cannot tell the Access Point about alternative RADIUS servers > in the same cluster. It's not supported by the protocol. > > You need to configure them manually on each Access Point. > > If you want redundancy try using something like VRRP or Anycast. > > -Arran > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- Best Regards, Danny - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
