Accounting-Response packet with invalid signature!
Alan DeKok
aland at ox.org
Tue Mar 21 23:14:14 CET 2006
"Ryan Melendez" <rmelendez at wayport.net> wrote:
> This particular NAS take about 25 seconds to send the
> Accounting-Response. By the time it's sent its response freeradius has
> moved on to the second or third retry. The authenticator calculated by
> the NAS is for the initial accounting packet and is invalid for the
> second request due to a change in the Acct-Delay-Time (and possibly
> proxy-state). Freeradius then bails out:
The solution is to *not* have FreeRADIUS do re-transmits of
accounting packets. If the other server doesn't respond, the
accounting packet should be discarded. The NAS will take care of
retries.
> What is the correct way to do this according to the RFC? 25 seconds is
> an extremely long delay but it seems there should be a way to handle
> this. I tried playing with cleanup_delay, but I'm not getting anywhere.
> Do I have to set the retry_delay very high to have a better chance? 25
> seconds is a long time to wait if the host is actually down.
Delete the code in the server that does the re-transmit of
accounting packets.
Alan DeKok.
More information about the Freeradius-Users
mailing list