Freeradius 1.1.1: 'radclient' incorrect Authenticator

[Robles Rodriguez,Alejandro]

"Alan DeKok" <aland at nitros9.org> wrote:
>> I'm using freeradius 1.1.1 and trying to performance test it using
>> as client the 'radclient' utility program. I have been experiencing
>> some problems when load testing it since freeradius was responding
>> in some cases responding to the client with old (already sent)
>> responses when in fact the request was different (Attribute-wise at
>> least).

>  The server shouldn't do that.  The request authenticators are
>different, so the requests should be treated as different.

  I have traced (ethereal) the requests I'm sending and only 256 are
actually unique. Thereafter they are repeated over and over throughout
the requests provided in the input file. It seems like the IDs are being
reused.

>> I might be mistaken but one odd thing is that I see a comment in the
>> code saying that if a request has already been used then it needs to
>> make sure that the Authenticator value is unique. However I don't
>> see that happening in the code actually ('radclient.c', function
>> 'request_free'):

>  Look at the rest of the code.  See send_one_packet(), which creates
>a unique vector.

  I agree there it's were the "vector" is set (by invoking the MD5 library) however,
I don't see where that "vector" is made random for every request. Again I might be
mistaken but the end result is what I described above, that the same request ID gets
the exact same Authenticator value.

  The reasons why in many instances I don't get a "Re-send" of an old reply is simply
because it might no longer be stored in the cache hence a brand new one generated. The
latter behavior is dependent on the number of messages allowed in the cache and the
time before they stale. I had this time set to 5 seconds and given the performance of
a litle over 50 req/sec it was causing it to be right in the limit:

(256req / 50req/sec ~= 5 sec).

Thanks for the help.

Regards,
Alex.