Steve Langasek <[EMAIL PROTECTED]> wrote: > Currently, we monitor our RADIUS servers 24x7 to ensure that > our network is always accessible. However, in the middle of the night, > our RADIUS traffic is so little that the requests from the monitoring > server makes up the bulk of it -- and after upgrading to freeradius 0.5, > these requests are still in the server cache, causing freeradius to view > them as duplicates and treating them as such... so that at 3 am, the > 'duplicate authentication reply' being sent never quite makes it to the > radius client.
The "duplicate request" logic in the server should ONLY get hit if the src IP, src port, ID, code, AND authentication vector are the same. If this is seen with only 0.5, and not earlier versions of the server, then it's a definite bug. > I assume there's some server bug involved here, either in the source or > in my cache configuration (or both). At the moment, though, I'd be > happy if anyone has a monitoring script they'd like to share which > doesn't trip freeradius's 'duplicate request' sensor. Ensure that the authentication vectors are different for each packet. That *should* work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
