Freeradius 3.16 and mysql - duplicated entries in radpostauth
Alan DeKok
aland at deployingradius.com
Sun Aug 18 13:49:08 CEST 2019
On Aug 18, 2019, at 3:33 AM, Marcin Marszałkowski <m.marszal at wp.pl> wrote:
> I’m a newbie to Freeradius and have been pulling my hair out…
> Installed Freeradius 3.16 with mysql and Daloradius. Authenticating and authorizing work (I think so).
> But I might have something misconfigured - radpostauth table is full of duplicated/always double entries with the same timestamp. And it happens only for EAP auth.; PAP (radtest) and MD5 (MAC based auth.) are not affected. Might it affect accounting?
It doesn't affect accounting. You can *read* the debug log to verify this.
The "double entries" are how PEAP works. There is an outer identity, and an inner one. They can be different.
> Following is request debug where double input to radpostauth is visible:
> ————————————————
> Sat Aug 17 18:23:36 2019 : Debug: (10) Received Access-Request Id 248 from 172.16.0.5:48453 to 172.16.0.12:1812 length 242
> Sat Aug 17 18:23:36 2019 : Debug: (10) User-Name = "Robert"
> Sat Aug 17 18:23:36 2019 : Debug: (10) NAS-Identifier = "feec3a9aeda5"
<sigh> Is it *really* that hard to read the documentation? Where should we put the documentation where you will *read* it?
We need "radiusd -X". Not "radiusd -Xxxxxxxxxxx". Among a few other issues.
Read this: http://wiki.freeradius.org/list-help
When you joined the mailing list, you were sent an email giving you that URL, and telling you what to post. The "man radiusd" page tells you to run "radiusd -X". The documentation on the main web site tells you to use "radiusd -X". We say this almost daily on the mailing list.
So... WHY are you ignoring all of the documentation?
> On top of that I have problems with accounting, it seems like NAS doesn’t like Gigawords - quite often reports 4GB up and down. More often it happens when session is longer than shorter. Is there any fix available on Freeradius side? Ubiquiti claims https://help.ubnt.com/hc/en-us/articles/115005255907-UniFi-Hotspot-RADIUS-Attributes their APs should be working with this attribute. NAS it is Unifi AP AC Pro.
Ask the NAS vendor how their equipment works.
> So, where do I need to troubleshoot, Freeradius or NAS? While looking at tcpdump on port 1812 I can see lengthy negotiation: multiple access requests and access challenges (12 times) followed finally by access accept... I don't know how many requests and challenges should be there.
If you get an Access-Accept, why do you care how many packets there are?
If you really want to know how many packets there *should* be, then read the documentation / specifications for EAP. But given the avoidance of all documentation, I guess that won't happen.
Alan DeKok.