SunScreen EFS Release 3.0 Reference Manual

Other vars for RADIUS Configuration

The following additional variables are pre-installed and control the RADIUS client protocol; they are pre-ENABLED and generally need not be altered:


edit> vars print prg=auth
PRG="auth" NAME="RADIUSHolddown" ENABLED VALUE="300" DESCRIPTION="seconds to ignore a non-responsive RADIUS server"

The client logic avoids contacting an unresponsive server for this many seconds.


PRG="auth" NAME="RADIUSRetryPasses" ENABLED VALUE="3" DESCRIPTION="how many times to try each RADIUS server"

The client logic makes this many passes through the server list before giving up.


PRG="auth" NAME="RADIUSService" ENABLED VALUE="radius" DESCRIPTION="RADIUS service / port # at which to query server(s)"

This is the name of the RADIUS server port, as given in the Service registry.


PRG="auth" NAME="RADIUSTimeout" ENABLED VALUE="5" DESCRIPTION="seconds to await each RADIUS server response"

The amount of time to wait for each response before sending another attempt.

During the first pass, the client logic attempts to contact only servers that have not been held down; subsequent passes contact each server regardless of its record. During the first pass, each server is contacted twice in a row before moving on to the next one. During subsequent passes, each server is contacted only once. A rough upper bound on the overall time for total failure for all servers is:


# servers TIMES (#passes + 1) TIMES timeout

This is an upper bound because of the way the first pass avoids recently unresponsive servers; a lower bound would be:


# servers TIMES (#passes - 1) TIMES timeout 

So, for example, with two servers configured and the default values, the overall failure timeout would be less than 2 x (3+1) x 5 = 40 seconds and greater than 2 x (3-1) x 5 = 20 seconds.
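
The bounds above follow directly from the contact schedule. The following Python model is an added illustration, not SunScreen code: it replays the schedule as described for the case where no server ever answers. The server names are constructed, and it assumes every attempt waits the full RADIUSTimeout.

```python
# Added illustration: a model of the retry schedule described above,
# not SunScreen code. Defaults mirror RADIUSRetryPasses and RADIUSTimeout.

def attempt_schedule(servers, held_down, retry_passes=3):
    """Return the ordered (pass_number, server) contact attempts made
    when every server fails to respond.

    servers   -- server names in configured order (constructed samples)
    held_down -- servers still inside RADIUSHolddown when the query starts
    """
    schedule = []
    for pass_no in range(1, retry_passes + 1):
        for server in servers:
            if pass_no == 1:
                # First pass: skip held-down servers, try the rest twice in a row.
                if server in held_down:
                    continue
                schedule += [(pass_no, server)] * 2
            else:
                # Later passes: every server once, regardless of holddown.
                schedule.append((pass_no, server))
    return schedule


def failure_time(servers, held_down, retry_passes=3, timeout=5):
    """Seconds until the client gives up (assumption: each attempt waits
    the full timeout and no server ever answers)."""
    return len(attempt_schedule(servers, held_down, retry_passes)) * timeout


if __name__ == "__main__":
    servers = ["radius-a", "radius-b"]  # constructed sample names
    # No server held down, one held down, all held down.
    for held in (set(), {"radius-a"}, set(servers)):
        print(sorted(held), failure_time(servers, held), "seconds")
```

With no server held down the model reaches the upper bound, and with every server held down it reaches the lower bound; partial holddown falls in between.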