Error: Ignoring duplicate packet from client
Alan DeKok
aland at deployingradius.com
Thu Jul 8 15:07:18 CEST 2021
On Jul 7, 2021, at 8:23 PM, Nicolás Ciuffolotti via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Sorry about my English, I'm still learning.
Your English is fine.
> I have a Red Hat Enterprise Linux Server release 7.9 server and I have
> package freeradius-3.0.13-15.el7.x86_64 already installed and latest
> version installed for rhel-7-server-rpms repository
> I have installed openldap-2.4.44-23.el7_9.x86_64 as well.
> The LDAP server is active at all times, but when the FR starts receiving
> connections from NAS, the cpu process grows up and those errors start to be
> written to the radius log.
Yes, I understood that from your first message. You don't need to repeat it.
The "Module rlm_ldap became unblocked" message comes out because of the following:
* FreeRADIUS receives a packet
* FreeRADIUS queries LDAP
* nothing happens for 5 seconds
* LDAP eventually returns an answer to FreeRADIUS
The solution is simple: Fix LDAP so that it doesn't take 5 seconds to respond to FreeRADIUS.
There is NOTHING you can do to FreeRADIUS to fix the LDAP server.
And there is no reason for FreeRADIUS to use 80-90% CPU. The default configuration is fast, and can handle 20K packets/s at 50% CPU load.
So the question is: What changes did you make in the default configuration? WHY is it using 80-90% CPU?
We can't explain why it's using 80% CPU, because (a) the default configuration doesn't do that, and (b) you haven't described what changes you made.
i.e. You should know what you've changed, and your shouldn't make changes which use 80% CPU.
Alan DeKok.
More information about the Freeradius-Users
mailing list