Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass and RADIUS Status-Server pings?

  • 1.  Clearpass and RADIUS Status-Server pings?

    Posted Oct 23, 2015 09:37 AM

     

    We just fired up CPPM as a guest-network solution, and from what I'm seeing, it appears that, when used as a home server, CPPM does not respond to Status-Server keepalive packets.  Is this something we've missed in the configuration, a known bug, or should I be heading over to the "ideas" to add a feature request?

    The result of this is that during small network and/or VM resource blips, if the server is out long enough to be declared "zombie" and then no actual requests come in, it gets declared "dead" and will not resurrect unless it responds to Status-Server requests.  We could of course switch to using the old hackery of forging fake requests from the proxy, but I'd expect CPPM to be a bit more modern than that.

     



  • 2.  RE: Clearpass and RADIUS Status-Server pings?

    EMPLOYEE
    Posted Oct 23, 2015 09:43 AM

    What do you mean by "home" server?

     

    Aruba controllers and switches use a dummy authentication request to mark RADIUS servers in and out of service.



  • 3.  RE: Clearpass and RADIUS Status-Server pings?

    Posted Oct 23, 2015 09:46 AM

     

    We have a proxy in between CPPM and the controllers for accounting packets to do some extra business logic in unlang.

     



  • 4.  RE: Clearpass and RADIUS Status-Server pings?

    EMPLOYEE
    Posted Oct 23, 2015 04:35 PM


  • 5.  RE: Clearpass and RADIUS Status-Server pings?
    Best Answer

    EMPLOYEE
    Posted Oct 23, 2015 04:44 PM

    This indeed is supported...I found it here...

     

    Administration --> Server Manager --> Server Configuration --> Then select the tab "Service Parameters". Then RADIUS server.

     

    See screenshot

     




  • 6.  RE: Clearpass and RADIUS Status-Server pings?

    Posted Oct 23, 2015 04:48 PM

    Excellent, thanks Seth!  I just could not find that, and not for lack of mousing around.

     

     



  • 7.  RE: Clearpass and RADIUS Status-Server pings?

    Posted Oct 23, 2015 04:46 PM

    "Zombie" servers are down but will be tried as a last resort in a load-balance pool, or just tried if they are alone, and if they answer they will come back "alive". After a while if they do not answer they become "dead".   Pings are only sent to "Dead" servers and they won't be tried until they answer a ping.  The pings can be Status-Server, or fake Access-Requests or Accounting-Requests.  The former (see RFC 5997) is preferred in modern setups.

    Any server that did not see a reply can send the pings.  They are not proxied -- they are a single-hop keepalive.  In this case the proxy is sending the pings to CPPM.   The controllers are configured to send accounting packets to the proxy (auth packets just go directly to CPPM.)
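
To confirm from the proxy host that a home server answers the Status-Server ping discussed in this thread, the check below builds an RFC 5997 Status-Server packet with its Message-Authenticator and validates the Response Authenticator on the reply. It is an added example, not code from the original posts, ClearPass, or the proxy; the function names are illustrative, and the host, port and shared secret passed to `probe` are your own values.

```python
import hashlib
import hmac
import os
import socket
import struct

STATUS_SERVER = 12                         # RFC 5997 packet code
ACCESS_ACCEPT, ACCOUNTING_RESPONSE = 2, 5  # replies on auth / acct ports
MESSAGE_AUTHENTICATOR = 80                 # attribute type (RFC 2869)


def build_status_server(secret, ident, request_auth=None):
    """Return a Status-Server packet carrying a valid Message-Authenticator."""
    request_auth = request_auth or os.urandom(16)
    attr_head = struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18)
    header = struct.pack("!BBH", STATUS_SERVER, ident, 38) + request_auth
    # HMAC-MD5 over the whole packet with the attribute value zeroed.
    mac = hmac.new(secret, header + attr_head + bytes(16), hashlib.md5).digest()
    return header + attr_head + mac


def verify_reply(reply, request, secret):
    """True only if the reply matches the request and proves the secret."""
    if len(reply) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if code not in (ACCESS_ACCEPT, ACCOUNTING_RESPONSE) or ident != request[1]:
        return False
    if not 20 <= length <= len(reply):
        return False
    # Response Authenticator = MD5(code+id+len + RequestAuth + attrs + secret)
    expected = hashlib.md5(
        reply[:4] + request[4:20] + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def probe(host, port, secret, timeout=3.0):
    """Send one ping; False on timeout, ICMP error, or a bad reply."""
    request = build_status_server(secret, os.urandom(1)[0])
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(request, (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:
            return False
    return verify_reply(reply, request, secret)
```

A `False` from `probe` with the correct secret means the server stayed silent or sent an unverifiable reply, which is the condition that leaves it marked "dead" on the proxy.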