Thomas Krantz <[EMAIL PROTECTED]> wrote: > We're running FreeRADIUS 0.8 on a Solaris 2.8 box, and we're planning to > replace all our radius servers (old Livingston 1.16 and Lucent 2.1) with > FreeRADIUS. Right now we've written some modules to replace the > dedicated accounting servers, to start with.
Check that the modules don't take forever to return. > Anyway, our problem is that - put under live traffic - the server (called > Wedge) outputs an error every other minute or so. It receives about 20-25 > requests per second, and this is what the log says: > > Tue Dec 10 15:30:55 2002 : Info: Listening on IP address *, ports 2000/udp > and 2001/udp. > Tue Dec 10 15:30:55 2002 : Info: Ready to process requests. > Tue Dec 10 15:31:37 2002 : Error: Discarding new request from client > dooku:1814 - ID: 10 due to live request 814 What's happening this this: 1 client sends the server a request 2 server processes it, taking ~15 seconds 3 client gets frustrated, and repeats it's request 4 the server notices it's the same request, and doesn't re-process it Odds are your new accounting module is taking ~5-30 seconds to do it's work. That's bad. > The server called "dooku" is a proxy receiving acct/auth packets > (that one is also a FreeRADIUS 0.8) from ANOTHER server called XXXXX > (radius server unknown), and on "dooku" the output is: > > Tue Dec 10 15:59:12 2002: Error: Dropping conflicting packet from client > XXXXX - ID: 35 due to unfinished request 1893794 5 the client gives up on the request and (eventually) re-uses the ID in another packet 6 the server STILL hasn't finished the previous request, so it complains that the client is too quick. Again, fix your accounting module. It's breaking the server. > Tue Dec 10 15:59:15 2002: Proxy: marking accounting server palpatine:2001 > for realm aaa.bb.cc dead > > it marks all "accounting" servers as dead, but localhost and palpatine are > authentication servers, the accounting packets goes to our server Wedge. You've got it configured to send accounting packets to that port of the server, so that's what it's telling you. > I have disabled all accounting modules, to limit the troubleshooting > somewhat. What does "Discarding new request from client xxxx .. due to > live request 123" exactly mean? it hasn't sent an response to request 123 > yet? Exactly. The request is still "live". Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
