<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>yeah it is confirmed network issue. had to reboot the NAS. thanks guys!<br></span></div><div><br></div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><font face="Arial" size="2"><hr size="1"><b><span style="font-weight: bold;">From:</span></b> Fajar A. Nugraha <list@fajar.net><br><b><span style="font-weight: bold;">To:</span></b> FreeRadius users mailing list <freeradius-users@lists.freeradius.org><br><b><span style="font-weight: bold;">Sent:</span></b> Tuesday, September 6, 2011 4:51 PM<br><b><span style="font-weight: bold;">Subject:</span></b> Re: RADIUS Sending Duplicate Reply<br></font><br>On Tue, Sep 6, 2011 at 3:26 PM, Det Det <<a ymailto="mailto:det.explorer@yahoo.com"
href="mailto:det.explorer@yahoo.com">det.explorer@yahoo.com</a>> wrote:<br>> Hi,<br>> This question maybe a bit off from RADIUS, but is there a way to limit NAS<br>> or RADIUS to send only one access-request/access-accept in a single dial<br>> attempt?<br><br>You're looking at things the wrong way.<br><br>It's like you're on a beach, and there's a big sign saying "no<br>swimming" because the beach is infested with jellyfish, but you decide<br>to swim anyway. And then when the jellyfish stings you asked "how to<br>make it so it doesn't hurt".<br><br>> i am connecting via PPPoE. I can see from RADIUS logs receiving<br>> multiple access-request thus it is also giving multiple access-accept. How<br>> do i prevent this? Coz it is causing an issue "connection is terminated<br>> because the remote server did not respond in a timely manner". Then I have<br>> to redial again coz the IP does not get assigned to the client.<br><br>I'm
guessing what happens is something like this:<br>- the NAS sends access-request<br>- radius accepts the request, and consult whatever backend it uses<br>(e.g. files, db, ldap, etc)<br>- backend processing takes a long time<br>- client sends the request again since radius hasn't respond<br>- radius accepts the request again, and notice that it's a duplicate request<br>- processing finally completes. since there are multiple request<br>received, radius sends multiple response (and logs them as duplicates)<br><br>OR<br><br>- the NAS sends access-request<br>- radius accepts the request, and consult whatever backend it uses<br>(e.g. files, db, ldap, etc)<br>- radius sends the response, but the response comes from different IP<br>address then what the NAS expects<br>- client sends the request again since it didn't receive expected<br>response from the correct IP address<br>- radius accepts the request again, notice that it's a duplicate<br>request, and simply
sends the response again<br><br>If it's case #1, you need to fix the backed. Usually it involves<br>indexing, fixing schemas/queries, upgrading hardware, and so on.<br><br>If it's #2, the easiest way is to just register the radius's primary<br>IP address in client's radius server list. Another alternative is to<br>use "--with-udpfromto" when compiling freeradius.<br><br>-- <br>Fajar<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br><br><br></div></div></div></body></html>