3.38.29. Synchronous Previous topic Parent topic Child topic Next topic

The default behaviour for <AuthBy RADIUS> is to return IGNORE as soon as the request has been forwarded to the remote RADIUS server. It will not wait for a reply before moving on to other AuthBy classes, or handling new requests. You can change this behaviour with the Synchronous flag, but make sure you understand what you are doing before enabling the Synchronous flag.
If you enable the Synchronous flag, Radiator will wait for either a reply, or a timeout from the remote radius server before processing any following AuthBy clauses, or before handling any further requests. This means that handling requests will stop until a reply is received or the reply times out (which might take 15 seconds or more, depending on the settings of your RetryTimeout and retries parameters). This can seriously affect the performance of your RADIUS server, especially if the remote radius server is slow, stopped, or at the end of a slow or unreliable link. You should therefore be very cautious about setting this flag, and you should understand the consequences of remote server failure. The performance impact of the Synchronous flag can be alleviated by use of the Fork parameter (see Section 3.28.1. Fork) at the cost of significant increase in memory requirements.
Nevertheless, Synchronous can be very handy if you wish, for example, to forward a request to remote server only if another server REJECTS the request. See the example below for sample configuration.
# Auth to server2 only if server 1 rejects. Caution: 
# accounting will normally go to server1, unless it rejects
<Realm xxxxxx>
      AuthByPolicy ContinueWhileReject
      <AuthBy RADIUS>
            # Wait here until we get a reply or a timeout
            Synchronous
            Host server1
            Secret xxxxxx
      </AuthBy>
      <AuthBy RADIUS>
            Host server2
            Secret yyy
      </AuthBy>
</Realm>