freeradius with perl , have Discarding duplicate request from client nas_1 port 58159 - ID: 30 due to delayed response ,when reject
Muhammed Buvaydani
muhammed.buvaydani at netcom.com.tr
Fri Jun 18 20:59:48 CEST 2021
thanks for the replay Mr.Alan,
but in my configuration, the delay_reject is set to 1,
I don't know but what is happening that when I rejecting a lot of users, that effecting the online users, I mean for example if I have user test1 , which is online and I disconnect him from mikrotik , Mikrotik seems not sending the right session id with the interim-update packet.
________________________________
From: Muhammed Buvaydani
Sent: Friday, June 18, 2021 5:47:31 PM
To: freeradius-users at lists.freeradius.org
Subject: freeradius with perl , have Discarding duplicate request from client nas_1 port 58159 - ID: 30 due to delayed response ,when reject
hello , I have freeradius 3.x where I enabled Perl module for authentication, I noticed that my freeradius return this error in debug mode
Discarding duplicate request from client nas_1 port 58159 - ID: 30 due to delayed response
I thought that is because of my authentication script but then I disabled the authentication and configured my Perl to reject to all users without any query or authentication (just for checking )
but still, I have the same error
Discarding duplicate request from client nas_1 port 58159 - ID: 30 due to delayed response
this is my perl script
use strict;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
use IO::Socket;
use locale;
use POSIX;
use PHP::Serialization qw(serialize unserialize);
use LWP::Simple;
use Sys::Syslog;
setlocale(LC_ALL, 'C');
use constant RLM_MODULE_REJECT=> 0;# /* immediately reject the request */
use constant RLM_MODULE_FAIL=> 1;# /* module failed, don't reply */
use constant RLM_MODULE_OK=> 2;# /* the module is OK, continue */
use constant RLM_MODULE_HANDLED=> 3;# /* the module handled the request, so stop. */
use constant RLM_MODULE_INVALID=> 4;# /* the module considers the request invalid. */
use constant RLM_MODULE_USERLOCK=> 5;# /* reject the request (user is locked out) */
use constant RLM_MODULE_NOTFOUND=> 6;# /* user not found */
use constant RLM_MODULE_NOOP=> 7;# /* module succeeded without doing anything */
use constant RLM_MODULE_UPDATED=> 8;# /* OK (pairs modified) */
use constant RLM_MODULE_NUMCODES=> 9;# /* How many return codes there are */
my $splynx;
my $answer;
my $contents;
my $request;
my $ua = LWP::UserAgent->new();
my $res;
sub authorize {
return RLM_MODULE_REJECT;
}
sub authenticate {
return RLM_MODULE_REJECT;
}
as you see I configured my Perl script to only reject users, but in debug mode, I have this warning,
(12) Received Access-Request Id 148 from 104.46.67.10:58063 to 44.118.166.12:1812 length 123
(12) Service-Type = Framed-User
(12) Framed-Protocol = PPP
(12) NAS-Port = 15730188
(12) NAS-Port-Type = Ethernet
(12) User-Name = "test2"
(12) Calling-Station-Id = "00:0C:29:6E:F3:2F"
(12) NAS-Port-Id = "vlan3800"
(12) User-Password = "test2"
(12) NAS-Identifier = "00:0C:29:D5:7F:74"
(12) NAS-IP-Address = 104.46.67.10
(12) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/splynx
(12) authorize {
(12) update control {
(12) Auth-Type := Accept
(12) } # update control = noop
(12) [preprocess] = ok
(12) [mschap] = noop
(12) eap: No EAP-Message, not doing EAP
(12) [eap] = noop
(12) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'test2'
(12) perl: $RAD_REQUEST{'User-Password'} = &request:User-Password -> 'test2'
(12) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '104.46.67.10'
(12) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '15730188'
(12) perl: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Framed-User'
(12) perl: $RAD_REQUEST{'Framed-Protocol'} = &request:Framed-Protocol -> 'PPP'
(12) perl: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '00:0C:29:6E:F3:2F'
(12) perl: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> '00:0C:29:D5:7F:74'
(12) perl: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Ethernet'
(12) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Jun 18 2021 20:10:15 IST'
(12) perl: $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id -> 'vlan3800'
(12) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Accept'
(12) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Accept'
(12) perl: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Jun 18 2021 20:10:15 IST'
(12) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'test2'
(12) perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '00:0C:29:6E:F3:2F'
(12) perl: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Framed-User'
(12) perl: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} -> 'vlan3800'
(12) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '104.46.67.10'
(12) perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> '00:0C:29:D5:7F:74'
(12) perl: &request:User-Password = $RAD_REQUEST{'User-Password'} -> 'test2'
(12) perl: &request:Framed-Protocol = $RAD_REQUEST{'Framed-Protocol'} -> 'PPP'
(12) perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Ethernet'
(12) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '15730188'
(12) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Accept'
(12) [perl] = reject
(12) } # authorize = reject
(12) Using Post-Auth-Type Reject
(12) # Executing group from file /etc/freeradius/3.0/sites-enabled/splynx
(12) Post-Auth-Type REJECT {
(12) attr_filter.access_reject: EXPAND %{User-Name}
(12) attr_filter.access_reject: --> test2
(12) attr_filter.access_reject: Matched entry DEFAULT at line 11
(12) [attr_filter.access_reject] = updated
(12) [eap] = noop
(12) policy remove_reply_message_if_eap {
(12) if (&reply:EAP-Message && &reply:Reply-Message) {
(12) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(12) else {
(12) [noop] = noop
(12) } # else = noop
(12) } # policy remove_reply_message_if_eap = noop
(12) } # Post-Auth-Type REJECT = updated
(12) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(12) (12) Discarding duplicate request from client nas_1 port 58063 - ID: 148 due to delayed response
Waking up in 0.6 seconds.
(12) (12) Discarding duplicate request from client nas_1 port 58063 - ID: 148 due to delayed response
Waking up in 0.3 seconds.
(12) Sending delayed response
in the other hand when I am accepting all users, I did not get that warning, this warning is just shown when rejecting user,
as I said there is no query or anything else,
thank you very much in advance
More information about the Freeradius-Users
mailing list