Radius server retry with different secret

Nicolas Goy kuon at goyman.com
Tue Aug 4 13:13:14 EDT 2020


On 03.08.20 06:20, Nicolas Goy wrote:
> (sorry for half message, I hit send by mistake)
> 
> Hello,
> 
> 
> 
> I am trying to implement a radius client, but I have an issue with server failover.
> 
> 
> I based my code on radius_example.c, and in this example, the auth message is built and sent only once.
> 
> 
> Now, if all failover servers have the same shared_secret, the failover works, but if they don't, the auth message needs to be rebuilt.
> 
> 
> In radius_client.c, there is a note about that:
> 
> 		/* Pending RADIUS packets used different shared secret, so
> 		 * they need to be modified. Update accounting message
> 		 * authenticators here. Authentication messages are removed
> 		 * since they would require more changes and the new RADIUS
> 		 * server may not be prepared to receive them anyway due to
> 		 * missing state information. Client will likely retry
> 		 * authentication, so this should not be an issue. */
> 
> 
> Now my question is: how can I be notified in my code that this occurred and that I need to rebuild the message and re-call radius_client_send?
> 
> Regards
> 


I ended up disabling radius_client.c's built-in multi-server support and rolled my own retry logic. It's a bit less efficient as I reopen the socket each time, but it works well.

-- 
Nicolas Goy

Programmer
https://www.kuon.ch

Goyman SA
https://www.goyman.com
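
Why the request has to be rebuilt per server, as an added example that is not hostap code and not from the poster: in an Access-Request, User-Password hiding (RFC 2865 section 5.2) and Message-Authenticator (HMAC-MD5, RFC 2869) are both keyed by the shared secret, so a packet built for one server does not verify on a server holding a different secret. All function names, server names, secrets and the simulated transport are constructed for illustration.

```python
import hashlib, hmac, os, struct

def hide_password(password, secret, req_auth):
    """User-Password hiding, RFC 2865 section 5.2 (MD5 keystream keyed by the secret)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    """Server-side inverse of hide_password."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(ident, user, password, secret):
    """Access-Request with User-Password (2) and a trailing Message-Authenticator (80)."""
    req_auth = os.urandom(16)
    attrs = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    attrs += attr(80, b"\x00" * 16)  # value is zeroed while the HMAC is computed
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac

def server_accepts(packet, secret):
    """Verify the trailing Message-Authenticator as a server holding `secret` would."""
    expected = hmac.new(secret, packet[:-16] + b"\x00" * 16, hashlib.md5).digest()
    return hmac.compare_digest(packet[-16:], expected)

def try_servers(servers, user, password, transport):
    """Failover loop: rebuild the request for each server with that server's secret."""
    for ident, (name, secret) in enumerate(servers):
        if transport(name, build_access_request(ident, user, password, secret)):
            return name
    return None

SERVERS = [("primary", b"secret-A"), ("backup", b"secret-B")]  # constructed
UP = {"backup": b"secret-B"}  # constructed: only the backup server is reachable

def fake_transport(name, packet):
    return name in UP and server_accepts(packet, UP[name])
```
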
