From owner-freebsd-questions@FreeBSD.ORG Fri Aug 29 07:34:03 2003
Date: Fri, 29 Aug 2003 16:31:30 +0200
Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F07DF2A@exchange.wanglobal.net>
From: Sten Daniel Sørsdal
Subject: PPP and radius.conf - shouldn't it be doing round-robin?
List-Id: User questions

I use userland ppp with radius authentication against 2 radius
servers, on a FreeBSD 4.8-stable box that I use as a router/gateway.

The two servers are on two different interfaces. It seems that
when I unplug the first server (#1 in radius.conf) from the
switch, the arp cache on the gateway will time out and
a "Host is down" message is generated (or icmp host unreachable).
All authentication requests are then automatically denied without
consulting the second server.

If I then swap the order of the radius servers in radius.conf while
the first server is still down, I get authenticated.

If I arp -s the MAC address of the unplugged server, and it's the
first one in radius.conf, the authentication mechanism proceeds
to query the second server and I get authenticated.

Is this intended or is it one of those icmp unreach/host down issues
I've seen more and more often lately?

I read this in 'man radius.conf':

    Up to 10 RADIUS servers may be specified for each service type. The
    servers are tried in round-robin fashion, until a valid response is
    received or the maximum number of tries has been reached for all servers.

uname -a:
FreeBSD fictious 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Sun Aug 3 00:55:37 GMT 2003 root@fictious:/usr/obj/usr/src/sys/WACCESS i386

- Sten
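
A model of the behaviour reported in the message above, added here as an example; it is not from the original post and is not FreeBSD's libradius code. The names rr_authenticate, try_server and struct server are hypothetical, and treating a send-time error as fatal is only an assumption about what could produce the reported denial, shown next to the round-robin behaviour the quoted man page text describes.

```c
#include <errno.h>
#include <stdio.h>

#define MAXSERVERS 10   /* limit quoted from radius.conf(5) in the message */

/* Hypothetical model of one configured server (constructed for this example). */
struct server { int max_tries; int send_errno; int answers; };

/* Stub transport: -1 with errno set if the send itself fails (e.g. "Host is
 * down"), 1 if a valid reply arrives, 0 if the request just times out. */
static int try_server(const struct server *s)
{
    if (s->send_errno) { errno = s->send_errno; return -1; }
    return s->answers ? 1 : 0;
}

/* Try servers round-robin until one answers or every server has used up its
 * max_tries. With abort_on_send_error set, a send failure ends the whole
 * request (assumed faulty behaviour); otherwise it only counts as a try.
 * Returns the index of the answering server, or -1 if authentication fails. */
int rr_authenticate(const struct server *srv, int n, int abort_on_send_error)
{
    int tries[MAXSERVERS] = {0};
    int remaining = 0, i, r;

    if (n > MAXSERVERS) return -1;
    for (i = 0; i < n; i++) remaining += srv[i].max_tries;
    for (i = 0; remaining > 0; i = (i + 1) % n) {
        if (tries[i] >= srv[i].max_tries)
            continue;                       /* this server is exhausted */
        tries[i]++; remaining--;
        r = try_server(&srv[i]);
        if (r == 1) return i;               /* valid response received */
        if (r == -1 && abort_on_send_error) return -1;
    }
    return -1;
}

int main(void)
{
    /* Constructed cases: first server unplugged, second server healthy. */
    struct server unplugged[]  = { {3, EHOSTDOWN, 0}, {3, 0, 1} };
    struct server static_arp[] = { {3, 0, 0}, {3, 0, 1} }; /* send ok, no reply */
    printf("abort on send error: %d\n", rr_authenticate(unplugged, 2, 1));
    printf("count as failed try: %d\n", rr_authenticate(unplugged, 2, 0));
    printf("static ARP entry:    %d\n", rr_authenticate(static_arp, 2, 1));
    return 0;
}
```

The third case corresponds to the arp -s workaround in the message: the send succeeds, the request times out, and the second server is consulted.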