190
193
############################################################
193
# If the home server doesn't respond to the request within
194
# this time, this server will consider the request dead, and
195
# respond to the NAS with an Access-Reject.
196
# You can optionally specify the source IP address used when
197
# proxying requests to this home server. When the src_ipaddr
198
# it set, the server will automatically create a proxy
199
# listener for that IP address.
201
# If you specify this field for one home server, you will
202
# likely need to specify it for ALL home servers.
204
# If you don't care about the source IP address, leave this
207
# src_ipaddr = 127.0.0.1
209
# RFC 5080 suggests that all clients SHOULD include it in an
210
# Access-Request. The configuration item below tells the
211
# proxying server (i.e. this one) whether or not the home
212
# server requires a Message-Authenticator attribute. If it
213
# is required (value set to "yes"), then all Access-Request
214
# packets sent to that home server will have a
215
# Message-Authenticator attribute.
217
# allowed values: yes, no
218
require_message_authenticator = no
221
# If the home server does not respond to a request within
222
# this time, this server will initiate "zombie_period".
224
# The response window is large because responses MAY be slow,
225
# especially when proxying across the Internet.
197
227
# Useful range of values: 5 to 60
198
228
response_window = 20
201
# If the home server does not respond to ANY packets for
202
# a certain time, consider it dead. This time period is
203
# called the "zombie" period, because the server is neither
231
# If you want the old behavior of the server rejecting
232
# proxied requests after "response_window" timeout, set
233
# the following configuration item to "yes".
235
# This configuration WILL be removed in a future release
236
# If you believe you need it, email the freeradius-users
237
# list, and explain why it should stay in the server.
239
# no_response_fail = no
242
# If the home server does not respond to ANY packets during
243
# the "zombie period", it will be considered to be dead.
245
# A home server that is marked "zombie" will be used for
246
# proxying as a low priority. If there are live servers,
247
# they will always be preferred to a zombie. Requests will
248
# be proxied to a zombie server ONLY when there are no
251
# Any request that is proxied to a home server will continue
252
# to be sent to that home server until the home server is
253
# marked dead. At that point, it will fail over to another
254
# server, if a live server is available. If none is available,
255
# then the "post-proxy-type fail" handler will be called.
257
# If "status_check" below is something other than "none", then
258
# the server will start sending status checks at the start of
259
# the zombie period. It will continue sending status checks
260
# until the home server is marked "alive".
206
262
# Useful range of values: 20 to 120
207
263
zombie_period = 40
251
307
# As a result, we recommend enabling status checks, and
252
308
# we do NOT recommend using "revive_interval".
254
# If the "status_check" entry below is not "none", then the
255
# "revive_interval" entry can be deleted, as it will not be
310
# The "revive_interval" is used ONLY if the "status_check"
311
# entry below is not "none". Otherwise, it will not be used,
312
# and should be deleted.
258
314
# Useful range of values: 60 to 3600
259
315
revive_interval = 120
323
379
# Useful range of values: 3 to 10
324
380
num_answers_to_alive = 3
383
# The configuration items in the next sub-section are used ONLY
384
# when "type = coa". It is ignored for all other type of home
387
# See RFC 5080 for the definitions of the following terms.
388
# RAND is a function (internal to FreeRADIUS) returning
389
# random numbers between -0.1 and +0.1
391
# First Re-transmit occurs after:
393
# RT = IRT + RAND*IRT
395
# Subsequent Re-transmits occur after:
397
# RT = 2 * RTprev + RAND * RTprev
399
# Re-trasnmits are capped at:
401
# if (MRT && (RT > MRT)) RT = MRT + RAND * MRT
403
# For a maximum number of attempts: MRC
405
# For a maximum (total) period of time: MRD.
408
# Initial retransmit interval: 1..5
411
# Maximum Retransmit Timeout: 1..30 (0 == no maximum)
414
# Maximum Retransmit Count: 1..20 (0 == retransmit forever)
417
# Maximum Retransmit Duration: 5..60
327
422
# Sample virtual home server.
403
498
# If there is no Load-Balance-Key in the control items,
404
499
# the load balancing method is identical to "load-balance".
501
# For most non-EAP authentication methods, The User-Name
502
# attribute provides a good key. An "unlang" policy can
503
# be used to copy the User-Name to the Load-Balance-Key
504
# attribute. This method may not work for EAP sessions,
505
# as the User-Name outside of the TLS tunnel is often
506
# static, e.g. "anonymous@realm".
407
509
# The default type is fail-over.