On Sun, May 05, 2002 at 06:48:26PM -0400, Alan DeKok wrote:
> Steve Langasek <[EMAIL PROTECTED]> wrote:
> > Currently, we monitor our RADIUS servers 24x7 to ensure that
> > our network is always accessible. However, in the middle of the night,
> > our RADIUS traffic is so little that the requests from the monitoring
> > server makes up the bulk of it -- and after upgrading to freeradius 0.5,
> > these requests are still in the server cache, causing freeradius to view
> > them as duplicates and treating them as such... so that at 3 am, the
> > 'duplicate authentication reply' being sent never quite makes it to the
> > radius client.

> The "duplicate request" logic in the server should ONLY get hit if
> the src IP, src port, ID, code, AND authentication vector are the
> same.

> If this is seen with only 0.5, and not earlier versions of the
> server, then it's a definite bug.

Yes, that's how it seems. I've looked over the 0.5 rl_find() code, and
I'm not seeing any obvious problems there. My best guess is that the
kernel of the monitoring client is being very efficient with udp port
reuse, and the monitoring software isn't being very random with its
authentication vectors. Perhaps the request caching in 0.5 is 'better'
than it was before, which is why I wasn't having as many problems. I'll
dig into the client side more and see what I can find out.

Steve Langasek
postmodern programmer
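The duplicate check described in the quoted reply, as an added illustration that is not part of the original message and is not FreeRADIUS's rl_find(): a cache keyed on the five listed fields, fed by a constructed monitoring probe that reuses its source port and packet ID. The names `req_key`, `seen_before` and `count_duplicates` are hypothetical, and cache expiry is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The five fields named in the quoted reply. */
struct req_key {
    uint32_t src_ip;
    uint16_t src_port;
    uint8_t  id;
    uint8_t  code;
    uint8_t  vector[16];   /* request authenticator */
};

#define CACHE_SLOTS 64
static struct req_key cache[CACHE_SLOTS];
static int cache_used;

static int key_equal(const struct req_key *a, const struct req_key *b)
{
    return a->src_ip == b->src_ip && a->src_port == b->src_port &&
           a->id == b->id && a->code == b->code &&
           memcmp(a->vector, b->vector, sizeof a->vector) == 0;
}

/* Returns 1 for a duplicate; otherwise caches the request and returns 0. */
int seen_before(const struct req_key *k)
{
    for (int i = 0; i < cache_used; i++)
        if (key_equal(&cache[i], k)) return 1;
    if (cache_used < CACHE_SLOTS) cache[cache_used++] = *k;
    return 0;
}

/* Constructed scenario: n probes from one host (192.0.2.1) with the same
   source port and ID. Returns how many were treated as duplicates. */
int count_duplicates(int n, int fresh_vector)
{
    struct req_key k = { .src_ip = 0xC0000201u, .src_port = 40000,
                         .id = 7, .code = 1 /* Access-Request */ };
    int dups = 0;
    cache_used = 0;                       /* start from an empty cache */
    for (int i = 0; i < n; i++) {
        /* Stand-in for a CSPRNG: a counter is enough to make vectors differ. */
        if (fresh_vector) memcpy(k.vector, &i, sizeof i);
        dups += seen_before(&k);
    }
    return dups;
}

int main(void)
{
    printf("fixed vector: %d duplicates\n", count_duplicates(5, 0));
    printf("fresh vector: %d duplicates\n", count_duplicates(5, 1));
    return 0;
}
```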
