freeradius with perl , have Discarding duplicate request from client nas_1 port 58159 - ID: 30 due to delayed response ,when reject

Muhammed Buvaydani muhammed.buvaydani at netcom.com.tr
Fri Jun 18 20:59:48 CEST 2021


thanks for the replay Mr.Alan,

but in my configuration, the delay_reject is set to 1,

I don't know but what is happening that when I rejecting a lot of users, that effecting the online users, I mean for example if I have user test1 , which is online and  I disconnect him from mikrotik , Mikrotik seems not sending the right session id with the interim-update packet.

________________________________
From: Muhammed Buvaydani
Sent: Friday, June 18, 2021 5:47:31 PM
To: freeradius-users at lists.freeradius.org
Subject: freeradius with perl , have Discarding duplicate request from client nas_1 port 58159 - ID: 30 due to delayed response ,when reject




hello , I have freeradius 3.x where I enabled Perl module for authentication, I noticed that my freeradius return this error in debug mode
Discarding duplicate request from client nas_1 port 58159 - ID: 30 due to delayed response

I thought that is because of my authentication script but then I disabled the authentication and configured  my Perl to   reject to all users without any  query or authentication (just for checking  )
but still, I have the same error

Discarding duplicate request from client nas_1 port 58159 - ID: 30 due to delayed response

this is  my perl script


use strict;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
use IO::Socket;
use locale;
use POSIX;
use PHP::Serialization qw(serialize unserialize);
use LWP::Simple;
use Sys::Syslog;

setlocale(LC_ALL, 'C');




use constant    RLM_MODULE_REJECT=>    0;#  /* immediately reject the request */
use constant    RLM_MODULE_FAIL=>      1;#  /* module failed, don't reply */
use constant    RLM_MODULE_OK=>        2;#  /* the module is OK, continue */
use constant    RLM_MODULE_HANDLED=>   3;#  /* the module handled the request, so stop. */
use constant    RLM_MODULE_INVALID=>   4;#  /* the module considers the request invalid. */
use constant    RLM_MODULE_USERLOCK=>  5;#  /* reject the request (user is locked out) */
use constant    RLM_MODULE_NOTFOUND=>  6;#  /* user not found */
use constant    RLM_MODULE_NOOP=>      7;#  /* module succeeded without doing anything */
use constant    RLM_MODULE_UPDATED=>   8;#  /* OK (pairs modified) */
use constant    RLM_MODULE_NUMCODES=>  9;#  /* How many return codes there are */

my $splynx;
my $answer;
my $contents;
my $request;
my $ua      = LWP::UserAgent->new();
my $res;

sub authorize {
    return RLM_MODULE_REJECT;
 }


sub authenticate {
    return RLM_MODULE_REJECT;

}


as you see  I configured my Perl script to only reject users, but in debug mode, I have this warning,


(12) Received Access-Request Id 148 from 104.46.67.10:58063 to 44.118.166.12:1812 length 123
(12)   Service-Type = Framed-User
(12)   Framed-Protocol = PPP
(12) NAS-Port = 15730188
(12)   NAS-Port-Type = Ethernet
(12)   User-Name = "test2"
(12)   Calling-Station-Id = "00:0C:29:6E:F3:2F"
(12)   NAS-Port-Id = "vlan3800"
(12)   User-Password = "test2"
(12)   NAS-Identifier = "00:0C:29:D5:7F:74"
(12)   NAS-IP-Address = 104.46.67.10
(12) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/splynx
(12)   authorize {
(12)     update control {
(12)       Auth-Type := Accept
(12)     } # update control = noop
(12)     [preprocess] = ok
(12)     [mschap] = noop
(12) eap: No EAP-Message, not doing EAP
(12)     [eap] = noop
(12) perl:   $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'test2'
(12) perl:   $RAD_REQUEST{'User-Password'} = &request:User-Password -> 'test2'
(12) perl:   $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '104.46.67.10'
(12) perl:   $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '15730188'
(12) perl:   $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Framed-User'
(12) perl:   $RAD_REQUEST{'Framed-Protocol'} = &request:Framed-Protocol -> 'PPP'
(12) perl:   $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '00:0C:29:6E:F3:2F'
(12) perl:   $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '00:0C:29:D5:7F:74'
(12) perl:   $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Ethernet'
(12) perl:   $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Jun 18 2021 20:10:15 IST'
(12) perl:   $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id -> 'vlan3800'
(12) perl:   $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Accept'
(12) perl:   $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Accept'
(12) perl: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Jun 18 2021 20:10:15 IST'
(12) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'test2'
(12) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '00:0C:29:6E:F3:2F'
(12) perl: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Framed-User'
(12) perl: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} -> 'vlan3800'
(12) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '104.46.67.10'
(12) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '00:0C:29:D5:7F:74'
(12) perl: &request:User-Password = $RAD_REQUEST{'User-Password'} -> 'test2'
(12) perl: &request:Framed-Protocol = $RAD_REQUEST{'Framed-Protocol'} -> 'PPP'
(12) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Ethernet'
(12) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '15730188'
(12) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Accept'
(12)     [perl] = reject
(12)   } # authorize = reject
(12) Using Post-Auth-Type Reject
(12) # Executing group from file /etc/freeradius/3.0/sites-enabled/splynx
(12)   Post-Auth-Type REJECT {
(12) attr_filter.access_reject: EXPAND %{User-Name}
(12) attr_filter.access_reject:    --> test2
(12) attr_filter.access_reject: Matched entry DEFAULT at line 11
(12)     [attr_filter.access_reject] = updated
(12)     [eap] = noop
(12)     policy remove_reply_message_if_eap {
(12)       if (&reply:EAP-Message && &reply:Reply-Message) {
(12)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(12)       else {
(12)         [noop] = noop
(12)       } # else = noop
(12)     } # policy remove_reply_message_if_eap = noop
(12)   } # Post-Auth-Type REJECT = updated
(12) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(12) (12) Discarding duplicate request from client nas_1 port 58063 - ID: 148 due to delayed response
Waking up in 0.6 seconds.
(12) (12) Discarding duplicate request from client nas_1 port 58063 - ID: 148 due to delayed response
Waking up in 0.3 seconds.
(12) Sending delayed response

in the other hand when I am accepting all users, I did not get that warning, this warning is just shown when rejecting user,
as I said there is no query or anything else,
thank you very much  in advance







More information about the Freeradius-Users mailing list