Stop "Sending duplicate proxied request"

David Aldwinckle daldwinckle at uwaterloo.ca
Fri Dec 11 22:40:05 CET 2015


Hi All,

I've configured FreeRadius + Duo 2-factor authentication, like so:

- NAS sends Access Request to FreeRadius
- FreeRadius proxies the request to the Duo Authentication Proxy (id 1)
- Duo sends an Access Request to FreeRadius for the same username (id 2)
- If Duo receives an Access-Accept for id 2, it then sends its 2 factor authentication request to a mobile device.
- The users hits OK, Duo sends an Access-Accept for id 1, using the reply-attributes of id 2.

It seems strange but it works. The problem I am having, is that if the user doesn't immediately accept or decline the Duo request, they are bombarded with duplicates.

I believe it is because FreeRadius is sending duplicate requests without waiting for an answer:

Waking up in 0.3 seconds.
(2) Expecting proxy response no later than 19.666697 seconds from now
Waking up in 2.0 seconds.
(0) Sending duplicate proxied request to home server 10.10.10.10 port 1812 - ID: 186

The duplicate is sent long before the 19 second timer from above has expired.

Can I stop that behaviour somehow?

Thanks,
Dave


More information about the Freeradius-Users mailing list