help-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnu-radius] Duplicate requests?

From: Sergey Poznyakoff
Subject: Re: [Help-gnu-radius] Duplicate requests?
Date: Tue, 16 Mar 2004 11:24:27 +0200 
Greg G <address@hidden> wrote:

> It looks like there are mulitple children of the radius daemon serving
> the same requestion, and giving it the OK.  That seems weird to me.
> Any idea why this could be happening?
> 

Your NAS is configured to resend requests if it does not receive
the acknowledge within one second. This delay is obviously too short.
On the other hand, radius fails to recognize such requests as duplicate.
This means that either the value of request-cleanup-delay in
your raddb/config is too small[1], or the NAS alters request
authenticator before resending it, in this case you will have to use
extended comparison methods[2]

Regards,
Sergey

[1] request-cleanup-delay sets the amount of time (in seconds) to keep
each request in the queue after it has been processed. Its value can
be computed using the following formula:

       request-cleanup-delay = nas-timeout * nas-retansmit + CONST 

where:
  nas-timeout   is the amount of time the NAS waits for the reply from
                radius server before attempting to resend the request
                (on Cisco it is configured by `radius-server timeout'
                clause)
                
  nas-retansmit is the number of retransmissions the NAS attempts before
                giving up (on Cisco it is configured by `radius-server
                retransmit' clause)

  CONST         is an empirical constant that depends on the average
                load of your NAS, server and on the bandwidth of your
                network. Ususally 1 <= CONST <= 10 sec.

[2] http://www.gnu.org/software/radius/manual/html_node/radius_11.html#SEC14
reply via email to
[Prev in Thread] Current Thread [Next in Thread]