Date: Fri, 29 Aug 2003 16:31:30 +0200
From: Sten Daniel Sørsdal <sten.daniel.sorsdal@wan.no>
To: <freebsd-questions@freebsd.org>
Subject: PPP and radius.conf - shouldnt it be doing round-robin?
Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F07DF2A@exchange.wanglobal.net>

I use userland ppp with radius authentication against 2 radius
servers, on a FreeBSD 4.8-stable box that I use as a router/gateway.
The two servers are on two different interfaces. It seems that
when I unplug the first server (#1 in radius.conf)
from the switch, the arp cache on the gateway will time out and
a "Host is down" message is generated (or icmp host unreachable).
All authentication requests are then automatically denied without
consulting the second server.

If I then swap the order of the radius servers in radius.conf while
the first server is still down, I get authenticated.

If I arp -s the mac address of the unplugged server, and it's the
first one in radius.conf, the authentication mechanism proceeds to
query the second server and I get authenticated.

Is this intended or is it one of those icmp unreach/host down issues
I've seen more and more often lately?

I read this in 'man radius.conf':

    Up to 10 RADIUS servers may be specified for each service type. The
    servers are tried in round-robin fashion, until a valid response is
    received or the maximum number of tries has been reached for all
    servers.

uname -a:
FreeBSD fictious 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Sun Aug
3 00:55:37 GMT 2003 root@fictious:/usr/obj/usr/src/sys/WACCESS i386
- Sten
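
The round-robin rule quoted from the man page, as an added example that is not part of the original message and is not libradius code: a simulated client loop in which a send error such as "Host is down" either ends the whole attempt (the symptom reported above) or is charged to that server's try budget so the next server is still consulted. The struct, the function names, the server labels and the abort_on_send_error flag are all hypothetical.

```c
#include <errno.h>
#include <stdio.h>

#define MAX_SERVERS 10          /* limit quoted from radius.conf(5) above */

struct server {                 /* simulated server, constructed for this example */
    const char *name;
    int max_tries;              /* per-server try budget */
    int tries;                  /* tries used so far */
    int send_errno;             /* nonzero: the send fails with this errno */
    int answers;                /* nonzero: a valid response comes back */
};

/* Simulated transport: 1 = valid response, 0 = timeout, -1 = send error. */
static int try_server(struct server *s)
{
    s->tries++;
    if (s->send_errno) { errno = s->send_errno; return -1; }
    return s->answers ? 1 : 0;
}

/* Returns the index of the server that answered, or -1 if none did.
 * abort_on_send_error: 1 = first send error ends the attempt, 0 = counts as a failed try. */
int rr_authenticate(struct server *srv, size_t n, int abort_on_send_error)
{
    if (n == 0 || n > MAX_SERVERS) return -1;
    for (;;) {
        int attempted = 0;
        for (size_t i = 0; i < n; i++) {
            if (srv[i].tries >= srv[i].max_tries)
                continue;       /* this server's tries are used up */
            attempted = 1;
            int r = try_server(&srv[i]);
            if (r == 1) return (int)i;
            if (r < 0 && abort_on_send_error)
                return -1;      /* no later server is consulted */
        }
        if (!attempted)
            return -1;          /* maximum tries reached for all servers */
    }
}

int main(void)
{
    struct server s[2] = { { "radius1", 3, 0, EHOSTDOWN, 0 }, { "radius2", 3, 0, 0, 1 } };
    int i = rr_authenticate(s, 2, 0);
    printf("answered by: %s\n", i >= 0 ? s[i].name : "(none)");
    return 0;
}
```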
