# In 2.0, the server is always "synchronous", and setting
# "synchronous = no" is impossible. This simplifies the
# server and increases the stability of the network.
+ # However, it means that the server (i.e. proxy) NEVER
+ # originates packets. It proxies packets ONLY when it receives
+ # a packet or a re-transmission from the NAS. If the NAS never
+ # re-transmits, the proxy never re-transmits, either. This can
+ # affect fail-over, where a packet does *not* fail over to a
+ # second home server.. because the NAS never retransmits the
+ # packet.
#
# If you need to set "synchronous = no", please send a
# message to the list <freeradius-users@lists.freeradius.org>
# packets sent to that home server will have a
# Message-Authenticator attribute.
#
+ # We STRONGLY recommend that this flag be set to "yes"
+ # for ALL home servers. Doing so will have no performance
+ # impact on the proxy or on the home servers. It will,
+ # however, allow administrators to detect problems earlier.
+ #
# allowed values: yes, no
- require_message_authenticator = no
+ require_message_authenticator = yes
#
# If the home server does not respond to a request within