[RADIATOR] Duplicate request issues

[Patrik Forsberg]

Hello,

I have a problem where we have two external and two internal radius servers. 
The external radius servers proxy almost all requests on to the internal radius 
servers but the internal servers seem to think that the requests are duplicates 
?

I've done all I can think of to disable the duplicate filtration but I seem to 
be unable to stop the behavior.
I've tried setting DupInterval 0, NoIgnoreDuplicates 
Access-Request,Accounting-Request and UseContentsForDuplicateDetection, all of 
them by themselves and in various combinations, but neither seem to remedy the 
problem ?
When the external radius servers get to many requests on them the internal 
starts ignoring the requests due to duplicates ?

Are there some other directive I can put in Clients, or other parts of the 
configuration, to stop this from happening ?


Best Regards,
Patrik Forsberg

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Duplicate request issues

[Hugh Irvine]

Hello Patrick -

This sounds to me like the internal servers are not processing requests quickly 
enough and don’t respond to the external servers before the external servers 
time out and resend.

When the resent request arrives at the internal server(s) they are indeed 
marked as duplicates because the previous request is still in process.

We often see this sort of problem with slow responses from authentication 
resources like SQL and/or LDAP databases.

A trace 4 debug with LogMicroseconds will show you exactly where the time is 
being spent waiting.

Of course it may not be the external servers that are timing out - it may be 
the upstream devices and/or proxies that are resending.

In any case, trace 4 debug with LogMicroseconds will show what Radiator is 
doing (or not doing), and the corresponding Wireshark trace will show you what 
packets are actually on the wire.

regards

Hugh


 On 25 Nov 2014, at 02:39, Patrik Forsberg patrik.forsb...@ip-only.se wrote:
 
 Hello,
 
 I have a problem where we have two external and two internal radius servers. 
 The external radius servers proxy almost all requests on to the internal 
 radius servers but the internal servers seem to think that the requests are 
 duplicates ?
 
 I've done all I can think of to disable the duplicate filtration but I seem 
 to be unable to stop the behavior.
 I've tried setting DupInterval 0, NoIgnoreDuplicates 
 Access-Request,Accounting-Request and UseContentsForDuplicateDetection, all 
 of them by themselves and in various combinations, but neither seem to remedy 
 the problem ?
 When the external radius servers get to many requests on them the internal 
 starts ignoring the requests due to duplicates ?
 
 Are there some other directive I can put in Clients, or other parts of the 
 configuration, to stop this from happening ?
 
 
 Best Regards,
 Patrik Forsberg
 
 ___
 radiator mailing list
 radiator@open.com.au
 http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator