This optional flag can be used to work around various problem
that might arise with remote RADIUS servers in some
circumstances.
In the standard RADIUS protocol;, the packet
identifier is only 8 bits (0 to 255), which means that a RADIUS server can
only have 256 requests pending from a given client at any time. This flag
forces AuthBy RADIUS to use a much larger range of identifiers (at least
32 bits) carried in the Proxy-State attribute, meaning that many more
requests can be pending at a given time, and that replies from a remote
RADIUS server are more accurately matched to their original
requests.
One such problem is flooding of remote servers by large
number of new requests occurring at the same time, such as after a power
failure in a large part of the city, resulting in lots of requests being
proxied all at the same time.
Another problem is in the case of some
types of remote server which do not send their replies from the same port
and address to which they were sent.
Tip
The correct
operation of this parameter requires that the remote RADIUS server honours
the Proxy-State attribute correctly by replying it back to the sender
exactly as it was sent. Most modern RADIUS server (including Radiator)
behave correctly in this respect.