hostapd 0.5.7: failover to secondary RADIUS problem

Jouni Malinen j at w1.fi
Thu Apr 3 12:13:16 EDT 2008


On Thu, Apr 03, 2008 at 04:28:41PM +0200, Lambert Anne wrote:

> I am using hostapd 0.5.7 + madwifi driver and a Cisco card on a RHEL5
> system. Hostapd is configured to use 802.1X authorization with 2
> external Authentication Servers. The radius servers are both running
> under RHEL4 and use freeradius-server-2.0.1.

> This is working fine when the primary server is started. 
> I wanted however to test the failover to the secondary server: I stopped
> the primary server and waited to see when hostapd would start using the
> secondary one. And this never happened... 

How long did you wait? The RADIUS client code in hostapd is trying to
fall back to the secondary server after four failed retry attempts and
that takes about 90 seconds with the default retransmit values.

> I saw the following in the printouts:
> recv[RADIUS]: Connection refused
> 
> which seems normal since the server is not running but hostapd never
> seems to try the secondary one...

You should see this happening four times before the switch..

> I then shut down the IP address attached to the primary server and
> noticed that this time hostapd was switching to the secondary server.

Hmm.. What exactly do you mean with "I stopped the primary server" and
"shut down the IP address attached to the primary server"? If one of
these works, but the other one does not cause a change in the used
RADIUS servers, it does not sound expected.. The fallback is done based
on number of retries, so the specific error code should not change the
behavior.

Could you please send me debug logs from hostapd (-ddt on command line)
showing both the case where there is no fallback and the case where
fallback happens?

-- 
Jouni Malinen                                            PGP id EFC895FA

