problems with authentication on freeradius using mikrotik

juliana sales porto julianaporto3 at hotmail.com
Wed Oct 9 19:40:25 CEST 2019


Thanks a lot. I will take a look, because I can't check the NAS from Mikrotik. This problem is happening and some locals with MK. I will try to find something to capture the package


Att,

Juliana Porto

________________________________
De: Freeradius-Users <freeradius-users-bounces+julianaporto3=hotmail.com at lists.freeradius.org> em nome de Orestes Leal Rodríguez <olealrd1981 at gmail.com>
Enviado: quarta-feira, 9 de outubro de 2019 13:44
Para: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Assunto: Re: problems with authentication on freeradius using mikrotik

Juliana,

On 10/9/19, juliana sales porto <julianaporto3 at hotmail.com> wrote:
> So let me think if I understood correctly
> all these msgs:
> Wed Oct  9 12:25:30 2019 : Info: rlm_radutmp: Login entry for NAS 10.71.2.30
> port 2162201848 duplicate
> Wed Oct  9 12:25:30 2019 : Error: rlm_radutmp: Logout for NAS 10.50.4.30
> port 2162197987, but no Login record
> Wed Oct  9 12:25:32 2019 : Error: Discarding duplicate request from client
> all port 59797 - ID: 175 due to unfinished request 188853
> Wed Oct  9 12:25:33 2019 : Error: Discarding conflicting packet from client
> all port 59797 - ID: 175 due to recent request 188853.
> Wed Oct  9 12:25:33 2019 : Error: Discarding conflicting packet from client
> all port 48639 - ID: 157 due to recent request 188856.
> Wed Oct  9 12:25:34 2019 : Info: rlm_radutmp: Login entry for NAS 10.71.2.30
> port 2162201849 duplicate
> Wed Oct  9 12:25:35 2019 : Error: Discarding duplicate request from client
> all port 60778 - ID: 65 due to unfinished request 188863
> Wed Oct  9 12:25:35 2019 : Error: Discarding conflicting packet from client
> all port 60778 - ID: 65 due to recent request 188863.
>
> It's better now?
>
> So all these issues is because my database is slow?
> But I have another question, why this issues doesn't happen with pfsense or
> aruba authetication? Only mikrotik?

Can you do a packet capture and configirm that the NAS is sending duplicates?

From RFC 2865:

The RADIUS server can detect a duplicate request if  it has the same
client source IP address and source UDP port and Identifier within a
short span of time

And Also from https://tools.ietf.org/html/rfc5080#section-2.2.2

The NAS is the problem.

Orestes



>
>
> Att,
>
> Juliana Porto
>
> ________________________________
> De: Freeradius-Users
> <freeradius-users-bounces+julianaporto3=hotmail.com at lists.freeradius.org> em
> nome de Alan DeKok <aland at deployingradius.com>
> Enviado: quarta-feira, 9 de outubro de 2019 09:56
> Para: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Assunto: Re: problems with authentication on freeradius using mikrotik
>
> On Oct 9, 2019, at 8:53 AM, juliana sales porto <julianaporto3 at hotmail.com>
> wrote:
>>
>> Alan the FreeRADIUS these logs of error. A little help, please? 😄
>
>   It's not a good idea to post images to the mailing list.  Is it really
> that difficult to cut & paste text from a terminal window?
>
>   The error messages are always due to the same issue.  A back-end database
> is slow and is blocking the server.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list