Alan DeKok wrote:
Giovanni Lovato wrote:Mmmm... After a little more investigation, I think it's the AP that cause the problem: it receive an Access-Accept but ignores it, sends another Access-Request and FR correctly generates an Access-Reject because of the duplicate request. So it's not a FR issue, but if someone has an advice on how to debug this, any help will be appreciated!Hmm... I think I see what's happening. The NAS is broken... it not only ignores the Access-Accept, but when it re-transmits the previous request, it does so with a *new* RADIUS Id. This means that the code in FreeRADIUS to detect retransmissions isn't used... and the packet is processed as a new request. If the NAS wasn't broken, it would re-transmit the request using the same RADIUS Id, and FreeRADIUS would send the same (saved) Access-Accept back, without doing any additional processing. The best advice is to replace the NAS. It's broken.
Thank you very much, your explanation is perfectly clear. The NAS is a D-Link DWL-G700AP with a modified firmware (Wive). I'm trying it because I need accounting and the original firmware doesn't send accounting packets. I'll try to replace the daemon which does AAA on the NAS OS and see if the issue persists.
smime.p7s
Description: S/MIME Cryptographic Signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
