On Tue, Jun 03, 2003 at 09:14:01AM -0500, Chris Parker wrote:
> At 05:53 PM 6/3/2003 +0400, Alexander M. Pravking wrote:
> >I discovered that our Cisco 5200 resends acct-requests (not sure about
> >auth-requests) with different request identifiers, which violates
> >RFC 2866. Here is sample debug output (note the id's!):
>
> Acct-Delay-Time has changed. It is not the same packet.

Of course, it's changed - it retransmits it because it timed out
waiting for the response. But RFC 2866 says:

   Identifier

      The Identifier field is one octet, and aids in matching requests
      and replies. The RADIUS server can detect a duplicate request if
      it has the same client source IP address and source UDP port and
      Identifier within a short span of time.

Once the ids are different, radiusd can't detect duplicate requests
and processes them as if they were independent.

> The solution
> is to figure out why your cisco nas isn't seeing an acct-accept from
> the radius server and is retransmitting acct requests.

As I said, the server processed the first request for too long - more than
5 seconds. It happens sometimes, and I don't think it's too bad.

In any case, thanks for the input.

--
Fduch M. Pravking
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
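
The duplicate check described in the RFC 2866 text quoted above, as an added example that is not part of the original message and is not FreeRADIUS code: a cache keyed on source IP, source UDP port and Identifier, run over constructed Accounting-Request packets. The names `DuplicateCache`, `build_request` and `classify`, the 30-second window, and the sample address and port are assumptions made for illustration.

```python
import struct

ACCOUNTING_REQUEST = 4   # RADIUS Code for Accounting-Request (RFC 2866)
ACCT_DELAY_TIME = 41     # attribute type, carries a 4-byte integer

def build_request(identifier, delay):
    """Constructed sample packet: 20-byte header plus one Acct-Delay-Time."""
    attr = struct.pack("!BBI", ACCT_DELAY_TIME, 6, delay)
    # Authenticator is zeroed here; it is not needed for the duplicate check.
    header = struct.pack("!BBH16s", ACCOUNTING_REQUEST, identifier,
                         20 + len(attr), bytes(16))
    return header + attr

class DuplicateCache:
    """Remembers (source IP, source port, Identifier) for `window` seconds."""

    def __init__(self, window=30.0):  # window length is an assumption
        self.window = window
        self.seen = {}

    def is_duplicate(self, src_ip, src_port, packet, now):
        code, identifier, length = struct.unpack("!BBH", packet[:4])
        if code != ACCOUNTING_REQUEST or length != len(packet):
            raise ValueError("not a well-formed Accounting-Request")
        key = (src_ip, src_port, identifier)
        last = self.seen.get(key)
        self.seen[key] = now
        return last is not None and now - last <= self.window

def classify(events, window=30.0):
    """Return one duplicate/not-duplicate flag per (time, ip, port, packet)."""
    cache = DuplicateCache(window)
    return [cache.is_duplicate(ip, port, pkt, t) for (t, ip, port, pkt) in events]

# Constructed traffic from a single NAS (documentation address, assumed port).
SAMPLE = [
    (0.0, "192.0.2.10", 1646, build_request(21, 0)),    # original request
    (5.0, "192.0.2.10", 1646, build_request(21, 0)),    # resend, same Identifier
    (10.0, "192.0.2.10", 1646, build_request(22, 10)),  # resend, new Identifier
]

if __name__ == "__main__":
    for (t, _, _, pkt), dup in zip(SAMPLE, classify(SAMPLE)):
        print(f"t={t:>4}s id={pkt[1]} duplicate={dup}")
```

Only the resend that keeps its Identifier is flagged; the one with a new Identifier and an updated Acct-Delay-Time reaches the server as a new request.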