Home servers constantly zombied, and I can't figure out how to fix it

Alan DeKok aland at deployingradius.com
Mon Jul 19 23:02:40 CEST 2010


Adam Bultman wrote:
> OK, so some more updates:
> 1. I'm getting pseudo-duplicate packets from my NAS
> 
> 2. The pseudo-duplicate packets are subtly different in that some items
> are missing - in my case, Calling-Station-Id.

  Your NAS looks to be pretty broken.  If it doesn't do retransmits, it
doesn't really implement RADIUS.

  My $0.02 is to go fix the NAS.  Ask the manufacturer why it doesn't
implement RADIUS.  Ask them to implement the RFC 5080 retransmission
algorithm.  It's not hard.

> 3. The "other side" tends to "zombie" on me with packets that don't
> contain the Calling-Station-Id 

  i.e. packet which aren't being retransmitted.

> 4. I'm attempting to control my detail file reader to ignore packets
> that don't have a Calling-Station-Id attribute, but I'm failing.

# in detail file reader "virtual server"
accounting {
	if (Calling-Station-Id) {
		# update proxies, etc.
	}
	else {
		ok # tell the server the packet was dealt with OK
	}
}

> First, in my detail file reader, I want to make it so that if certain
> attributes are in the packet, that I send it on it's way to the other
> servers. If they aren't there, I want to simply ignore that packet, and
> make it go away. 

  You need the "else ok" bit.  Otherwise, the detail file reader assumes
that the packet *wasn't* handled, and retransmits it.

  Alan DeKok.



More information about the Freeradius-Users mailing list