duplicate Identity received, freeradius behaviour?

Jean F. Mousinho jean.mousinho at ist.utl.pt
Mon May 18 15:21:03 CEST 2009


I've noticed that on our radius server logs lots of "EAP state variable
not found", after some packet dump analysis (also -Xf) I've noticed that
one of the cases that this happened was when some EAP Identity packets
are duplicated during parallel authentications (I mean, when at least
one session already began from the same client, and we're receiving
duplicate ).

I've noticed that these duplicate packets come with just a little
difference which is the Proxy-State, the duplicate packets then, in my
opinion could be caused by some bad proxying implementation (client EAP
Identity passing through 2 or more proxies?), or even bad load

Also, we did an upgrade of one of the two proxies connected to our home
radius server and somehow noticed that the amount of EAP state errors
was lower in the old version (1.1.7) than in the newer (2.1.3) (although
its hard to confirm that).

I've tried to compare the code from 1.1.7 and 2.1.3 and didn't come to a
clear conclusion if its there any special treatment to duplicate proxied
packets between 1.1.7 and 2.1.3 (while proxying).

Thanks for your time.

Jean F. Mousinho

More information about the Freeradius-Users mailing list