Replicated Acctounting blocks replys
Alan DeKok
aland at deployingradius.com
Sat May 3 01:11:05 CEST 2014
Dalton Porter wrote:
> Alan, I did run in debugging mode. I didn't notice any error. I'm
> attaching here in case I have missed something.
That's really the point.
> Attaching debug.
> NAS=10.106.1.45
> radius svr 2 = 10.101.248.112
> What I see is after the Access Req/Resp, the NAS keeps sending
> Accounting Reqs.
You'll also see that FreeRADIUS doesn't reply/
> Looking at tcpdump, I can see the Acct Response packet makes it from
> svr2 to srv1, but there is an ICMP port not reachable, which
> I interpret to mean svr1 is not listening on that port (expected because
> replicate is fire and forget)
OK.
> But then why doesn't svr1 respond to the NAS with an Accounting Response?
Because it's been misconfigured.
The default configuration has the server respond to Accounting-Request
packets. If it doesn't respond, it's usually because you edited
something, and broke it.
Or, it's because there's a bug in 2.1.12. Which is many years old.
Upgrade to 2.2.5.
> It fails to do so, so in a few sec, the NAS sends another accounting req.
> This cycle repeats a few times - sometimes NAS just won't give up.
Which is what the NAS is supposed to do for accounting packets.
> ++[replicate] returns ok
> Finished request 3.
> Cleaning up request 3 ID 124 with timestamp +28
i.e. it doesn't send an Accounting-Response. THAT is the source of
the problem.
I suggest just upgrading.
Alan DeKok.
More information about the Freeradius-Users
mailing list