3.42.33. UseExtendedIds Previous topic Parent topic Child topic Next topic

This optional flag can be used to work around various problem that might arise with remote RADIUS servers in some circumstances.
In the standard RADIUS protocol;, the packet identifier is only 8 bits (0 to 255), which means that a RADIUS server can only have 256 requests pending from a given client at any time. This flag forces AuthBy RADIUS to use a much larger range of identifiers (at least 32 bits) carried in the Proxy-State attribute, meaning that many more requests can be pending at a given time, and that replies from a remote RADIUS server are more accurately matched to their original requests.
One such problem is flooding of remote servers by large number of new requests occurring at the same time, such as after a power failure in a large part of the city, resulting in lots of requests being proxied all at the same time.
Another problem is in the case of some types of remote server which do not send their replies from the same port and address to which they were sent.
Tip
The correct operation of this parameter requires that the remote RADIUS server honours the Proxy-State attribute correctly by replying it back to the sender exactly as it was sent. Most modern RADIUS server (including Radiator) behave correctly in this respect.