Ok... can you say what platform you are running it on?
It's an ARM running Montevista Linux.
I'd suspect radutmp and/or radwtmp. Why are you using those? Do you need them?
Nope. They were around because we didn't know enough to scrub the config files to remove unused modules. We have now removed references to these as well as all sql-related configs from radiusd.conf. We also moved out 'pam', 'sql-counter', 'detail.example.com', 'mac2vlan', 'krb5', 'sradutmp', 'wimax', 'perl' and 'ldap' from the 'modules' directory. And modified 'sites-available/inner-tunnel' and 'sites-available/default' to remove references to radutmp. The server seems faster but we still see some 'discarding duplicate request from client' messages in radius.log. The debug output for one such client is below: (chap/mschap/suffix returns noop. I don't know what that means.) Going to the next request Waking up in 2.1 seconds. rad_recv: Access-Request packet from host 192.168.0.232 port 1418, id=102, lengt h=296 Message-Authenticator = 0x6bf2d880bd907dd9b4e327b0ed7aff74 Service-Type = Framed-User User-Name = "000000093701b104" Framed-MTU = 1488 State = 0x86e621af86e7383ccbec5f2181722704 Called-Station-Id = "001E2AECC893:TI-NAV-N-001E2AECC893" Calling-Station-Id = "00093701B104" NAS-Identifier = "netgearecc892" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0201005619800000004c160301004701000043030145994871a26e9f222a077054ef1e14a22356d029fe14610021edf5d98291fb9400001c0016000a0005000400640062006100600015000900140008000600030100 NAS-IP-Address = 192.168.0.232 NAS-Port = 14 NAS-Port-Id = "STA port # 14" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "000000093701b104", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 86 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 76 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0047], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 102 to 192.168.0.232 port 1418 EAP-Message = 0x0102040019c000000aad160301002a02000026030100000aed4888c1cff2bdb0da7542f34c31902d463f1d1eeee7d047dfe83cdefd00001600160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3039303330333135343031345a170d3130303330333135343031345a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d594ca11035bb697ac3bea14f92ef0d99be18c91ece91b91b45f5c808d085b8aad053689568a31467824ce7780f857cb73d6f5135aa168909bef37632bfe EAP-Message = 0x122f1f84f886b92c864182ced13b7d6fe4954296e852df73db3a8993a2618bbc260154dd5940a3f8912843096b34afddff1458836918077190a78c5541fe624617140bdb41bfc66bd954521b3409fbabcbd74b26725daa8d9d82e6a3e28c617933a11f11fcdf3c49436a56aa9d6ef8fe7d8bb867c8d577520219558210c3e9bff4555dc6896f61e94fc404fa7287ebf7a128f969ac55a7b7ce3787e00ce21d7f718f4dffa93f60e0713f9ef723500f0c40bafb6bf23f236ea091479847914917d0130203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100764f73fbf1e2cddfcc EAP-Message = 0x284b9fea1ba135c65946f4e7a4ec44e45e8f3d16870048a1a55567ab5bf083fbd6d16a929ed4489238e24ecb66d97dbfa24998c1b661f68cb16f980cbccbc67984e6b807324fba5eee16a319d60390010c8259643b439fcc50c9fb30557c543b5633ee860777d8d3a0ba8a7f37010eaa7004e1e2257f7d028da6dc0adbd855586e6a4b2c0323e1df6337674a842e40c49eb01a77a13fc0eeda2687ba5beed8f093ba7e80f63376326737399ff4d28d18e56ccb42744ca8613e094bf56dc4d1a6a0de185928083aed0cd26da2f69d715da11a3d548794411efa1333dc5db9ae1e69208a357fefb7f79fa7cc959166e00efbb153eedf2cf70004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x86e621af87e4383ccbec5f2181722704 Finished request 10. Going to the next request Waking up in 0.7 seconds. rad_recv: Access-Request packet from host 192.168.0.232 port 1418, id=102, length=296 Sending duplicate reply to client test-net port 1418 - ID: 102 Sending Access-Challenge of id 102 to 192.168.0.232 port 1418 Waking up in 0.7 seconds. rad_recv: Access-Request packet from host 192.168.0.232 port 1418, id=103, length=216 Message-Authenticator = 0xdfb75fac30c3d5eef250a17ce0bdb188 Service-Type = Framed-User User-Name = "000000093701b104" Framed-MTU = 1488 State = 0x86e621af87e4383ccbec5f2181722704 Called-Station-Id = "001E2AECC893:TI-NAV-N-001E2AECC893" Calling-Station-Id = "00093701B104" NAS-Identifier = "netgearecc892" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020200061900 NAS-IP-Address = 192.168.0.232 NAS-Port = 14 NAS-Port-Id = "STA port # 14" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "000000093701b104", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 103 to 192.168.0.232 port 1418 EAP-Message = 0x010303fc194000feada2bc5177f382300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303330333135343031345a170d3130303330333135343031345a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504 EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100aff59b69f34f27a8922dd9474ccc00464f6d58db2e7cac620ede571d8f6bc87504156ee3ae44ddec37da512a67950fb70ec432f538d0c00a2694e266861ce097c968d1ab555ae9689f59e304311db4e5cb6f13574a56a7e20e4c624cf3b957bcb79f5b8b9e3bebd646cad0dd275bd6 EAP-Message = 0x70a4940f6ba964a7bc491065ecd81a0929c3590ef7c6f9dab1c323d72390bc63525b87e0b836874dd651c9df7619ae66d89547b080b8f435f512685a1c2aef6b1d18a35a3b46be61b89c22bed59c19549b5f3988b4d3c563767006775fdfca936ad2275767b0360e2a49d774b6bdf90ed8f53c8938d337c2f1614007c8a427d36ebf6ebbaa99551bd49b534bc4c165eacd0203010001a381fb3081f8301d0603551d0e04160414ec834741fc51f4a46b42740ec8f8aea3804c85a83081c80603551d230481c03081bd8014ec834741fc51f4a46b42740ec8f8aea3804c85a8a18199a48196308193310b3009060355040613024652310f300d06035504 EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900feada2bc5177f382300c0603551d13040530030101ff300d06092a864886f70d010105050003820101008fb06746b5666f0c1d9e1da543a84973a01b5ef2a29b7ef92bd02c05867c980f61f7190422dc5f9428a3a03e1f56d06b339aca8940085e2de47976a248d74b210dc9ab686f7fe6e3fdad450f47a151555c4c EAP-Message = 0xef2dd79b865e6630 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x86e621af84e5383ccbec5f2181722704 Finished request 11. Going to the next request Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 192.168.0.232 port 1418, id=104, length=216 Thanks, - Harshal