Re: Radius server retry with different secret

On 03.08.20 06:20, Nicolas Goy wrote:
(sorry for half message, I hit send by mistake)

Hello,



I am trying to implement a radius client, but I have an issue with server failover.


I based my code on radius_example.c, and in this example, the auth message is built and sent only once.


Now, if all failover servers have the same shared_secret, the failover works, but if they don't, the auth message needs to be rebuilt.


In radius_client.c, there is a note about that:

		/* Pending RADIUS packets used different shared secret, so
		 * they need to be modified. Update accounting message
		 * authenticators here. Authentication messages are removed
		 * since they would require more changes and the new RADIUS
		 * server may not be prepared to receive them anyway due to
		 * missing state information. Client will likely retry
		 * authentication, so this should not be an issue. */


Now my question is: how can I be notified in my code that this occurred and that I need to rebuild the message and re-call radius_client_send?

Regards



I ended up disabling radius_client.c's built-in multi-server support and rolled my own retry logic. It's a bit less efficient as I reopen the socket each time, but it works well.

--
Nicolas Goy

Programmer
https://www.kuon.ch

Goyman SA
https://www.goyman.com

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
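
Added example (not from the original message and not hostap code): a Python sketch of why an Access-Request cannot simply be resent to a failover server with a different shared secret. Both the RFC 2865 User-Password hiding and the RFC 2869 Message-Authenticator are keyed by that secret, so the request is rebuilt per server. The server list, the `reachable` flag and all function names are hypothetical, and the "server" is simulated in-process rather than over UDP.

```python
import hashlib
import hmac
import os
import struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, keyed by the shared secret."""
    blocks = max(1, -(-len(password) // 16))      # pad to 16-byte blocks, at least one
    padded = password.ljust(16 * blocks, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes) -> bytes:
    """Build an Access-Request; Message-Authenticator (type 80) is the last attribute."""
    req_auth = os.urandom(16)
    hidden = hide_password(password, secret, req_auth)
    attrs = bytes([1, 2 + len(user)]) + user              # User-Name
    attrs += bytes([2, 2 + len(hidden)]) + hidden         # User-Password
    attrs += bytes([80, 18]) + b"\x00" * 16               # zeroed placeholder for the HMAC
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def server_accepts(pkt: bytes, secret: bytes) -> bool:
    """Simulated server check: recompute the HMAC-MD5 with the server's own secret."""
    zeroed = pkt[:-16] + b"\x00" * 16
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(pkt[-16:], expected)

def send_with_failover(servers, user: bytes, password: bytes):
    """Rebuild the request for every server instead of resending the first packet.
    Returns (server name, packet) for the first server that accepts, else None."""
    for ident, (name, secret, reachable) in enumerate(servers):
        pkt = build_access_request(ident, user, password, secret)
        if reachable and server_accepts(pkt, secret):
            return name, pkt
    return None

# Constructed sample: the primary is down and the backup uses a different secret.
SERVERS = [("primary", b"secret-A", False), ("backup", b"secret-B", True)]

if __name__ == "__main__":
    print(send_with_failover(SERVERS, b"alice", b"correct horse")[0])
```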
