Updating dictionary.erx based on Juniper documentation

[freeradius.git] / raddb / proxy.conf

diff --git a/raddb/proxy.conf b/raddb/proxy.conf
index f557426..5527ce9 100644 (file)
--- a/raddb/proxy.conf
+++ b/raddb/proxy.conf
@@ -32,6 +32,13 @@ proxy server {
        #  In 2.0, the server is always "synchronous", and setting
        #  "synchronous = no" is impossible.  This simplifies the
        #  server and increases the stability of the network.
+       #  However, it means that the server (i.e. proxy) NEVER
+       #  originates packets.  It proxies packets ONLY when it receives
+       #  a packet or a re-transmission from the NAS.  If the NAS never
+       #  re-transmits, the proxy never re-transmits, either.  This can
+       #  affect fail-over, where a packet does *not* fail over to a
+       #  second home server.. because the NAS never retransmits the
+       #  packet.
        #
        #  If you need to set "synchronous = no", please send a
        #  message to the list <freeradius-users@lists.freeradius.org>
@@ -226,8 +233,13 @@ home_server localhost {
        #  packets sent to that home server will have a
        #  Message-Authenticator attribute.
        #
+       #  We STRONGLY recommend that this flag be set to "yes"
+       #  for ALL home servers.  Doing so will have no performance
+       #  impact on the proxy or on the home servers.  It will,
+       #  however, allow administrators to detect problems earlier.
+       #
        #  allowed values: yes, no
-       require_message_authenticator = no
+       require_message_authenticator = yes
 
        #
        #  If the home server does not respond to a request within