Home servers constantly zombied, and I can't figure out how to fix it

Thu Jul 15 22:19:01 CEST 2010

Good morning, everybody. I have a problem.

I have FreeRADIUS 2.1.3 servers that are proxying accounting information
to two remote RADIUS servers (radiator, if it matters.)

My problem is that the two servers I am sending to are constantly
declared zombies.  Perhaps related is that in packet traces on the
RADIUS servers, I see my RADIUS servers sending duplicate packets. I do
not know if the duplicate packets are because the NAS is sending
duplicate packets to me (it is indeed sending duplicate packets,
according to wireshark), or if it is something on the RADIUS server's
end. Furthermore, in wireshark, I also see plenty of 'Malformed
Packets', but I don't know if that's because the packet is *truly*
Malformed, or if it is because wireshark is having some issues (the
RADIUS servers are VMWare Virtual Machines, and I've seen previously
that various things can cause  wireshark to detect malformed packets
when they actually are fine.)

I have been making a lot of configuration changes (esp. with regard to
the check interval, number of responses before alive, etc) - so if
anything is seriously out of whack, let me know - but it seems that no
matter what, those systems get marked as zombies by my RADIUS servers a
half a dozen times a minute.

I'm pasting some of my relevant configs below; if anything is way out of
line, please let me know (it may be from my desperate tweaking). Any
minor inconsistencies may be from me 'cleaning it up' so I'm not
broadcasting any useful information.  (Please note: I have my
status_check as 'request' even though the other side DOES support the
status-server, and will likely go back to that once this is all over,
and it doesn't break things.)

Adam

radiusd.conf:

max_request_time = 90
cleanup_delay = 10
max_requests = 262144
hostname_lookups = no

thread pool {
	start_servers = 10
	max_servers = 128
	min_spare_servers = 3
	max_spare_servers = 30
	max_requests_per_server = 0
}
#############################
sites-enabled/accounting.conf :

home_server acct1 {
        type = acct
        ipaddr = xxx.xxx.xxx.xxx
        port = 1813
        secret =  xxxxxxxxxxx
        response_window = 60
        zombie_period = 120
        check_interval = 10
        num_answers_to_alive = 1
        status_check = request
        username = "xxxxxxxxxxxx"
        password = "xxxxxxxxxxxx"
}

home_server acct2 {
        type = acct
        ipaddr = yyy.yyy.yyy.yyy
        port = 1813
        secret = yyyyyyyyyyyyy
        response_window = 60
        zombie_period = 120
        check_interval = 10
        num_answers_to_alive = 1
        status_check = request
        username = "xxxxx"
        password = "xxxxx"
}

home_server_pool acct-pool {
        type = load-balance
        home_server = acct1
        home_server = acct2
}

realm myacct {
        acct_pool = acct-pool
}

##################
detail-reader.conf :

server acct-relay {
	listen {
		type = detail
		filename = (my detail file)
		load_factor = 100
	}

	accounting {
		   ok	
	}

	pre-proxy {
	}
	post-proxy {
	}