PPP and radius.conf - shouldn't it be doing round-robin?

Sten Daniel Sørsdal sten.daniel.sorsdal at wan.no
Fri Aug 29 07:34:03 PDT 2003


I use userland ppp with RADIUS authentication against 2 RADIUS
servers, on a FreeBSD 4.8-stable box that I use as a router/gateway.

The two servers are on two different interfaces. It seems that
when I unplug the first server (#1 in radius.conf)
from the switch, the ARP cache on the gateway will time out and
a "Host is down" message is generated (or ICMP host unreachable).

All authentication requests are then automatically denied without 
consulting the second server.

If I then swap the order of the RADIUS servers in radius.conf while
the first server is still down, I get authenticated.

If I arp -s the MAC address of the unplugged server, and it's the
first one in radius.conf, the authentication mechanism proceeds to
query the second server and I get authenticated.

Is this intended, or is it one of those ICMP unreach/host down issues
I've seen more and more often lately?

I read this in 'man radius.conf':
     Up to 10 RADIUS servers may be specified for each service type.  The
     servers are tried in round-robin fashion, until a valid response is
     received or the maximum number of tries has been reached for all servers.

uname -a:
	FreeBSD fictious 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Sun Aug
	3 00:55:37 GMT 2003 root at fictious:/usr/obj/usr/src/sys/WACCESS  i386

- Sten
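
The round-robin rule quoted from the man page, as an added C sketch that is not part of the original post and is not libradius code: it contrasts a loop that aborts on a send error with one that counts the error as a failed try. All names (`rr_query`, `try_fn`, `struct srv`, `send_error_is_fatal`) are hypothetical, and the three transport functions are constructed stand-ins for the network.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical per-server state; max_tries mirrors the per-server try limit. */
struct srv { int max_tries; int tries; };

/* Hypothetical transport hook: 1 = valid reply, 0 = timeout,
 * -1 = send failed with errno set (e.g. EHOSTDOWN). */
typedef int (*try_fn)(int server);

/* One try per server per pass, until a valid reply arrives or every server
 * has used all its tries. Returns the answering server's index, or -1. */
int rr_query(struct srv *s, int n, try_fn try_once, int send_error_is_fatal)
{
    for (;;) {
        int attempted = 0;
        for (int i = 0; i < n; i++) {
            if (s[i].tries >= s[i].max_tries)
                continue;
            s[i].tries++;
            attempted = 1;
            int r = try_once(i);
            if (r == 1)
                return i;
            if (r < 0 && send_error_is_fatal)
                return -1;  /* outcome the post reports: server #2 never asked */
            /* otherwise a timeout or send error is just a used-up try */
        }
        if (!attempted)
            return -1;
    }
}

/* Constructed stand-ins for the network. Server 0 is the unplugged one. */
int first_host_down(int i) { if (i == 0) { errno = EHOSTDOWN; return -1; } return 1; }
int first_times_out(int i) { return i == 0 ? 0 : 1; }  /* static ARP entry case */
int all_time_out(int i)    { (void)i; return 0; }

int main(void)
{
    struct srv a[2] = {{3, 0}, {3, 0}}, b[2] = {{3, 0}, {3, 0}}, c[2] = {{3, 0}, {3, 0}};
    printf("host down, error fatal:     %d\n", rr_query(a, 2, first_host_down, 1));
    printf("host down, error = failed:  %d\n", rr_query(b, 2, first_host_down, 0));
    printf("static ARP (timeout only):  %d\n", rr_query(c, 2, first_times_out, 1));
    return 0;
}
```

The third case corresponds to the `arp -s` observation in the post: with a static ARP entry the send succeeds and only times out, so the loop moves on to the second server.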


More information about the freebsd-questions mailing list