Giovanni Lovato wrote: > Mmmm... After a little more investigation, I think it's the AP that > cause the problem: it receive an Access-Accept but ignores it, sends > another Access-Request and FR correctly generates an Access-Reject > because of the duplicate request. So it's not a FR issue, but if someone > has an advice on how to debug this, any help will be appreciated!
Hmm... I think I see what's happening. The NAS is broken... it not only ignores the Access-Accept, but when it re-transmits the previous request, it does so with a *new* RADIUS Id. This means that the code in FreeRADIUS to detect retransmissions isn't used... and the packet is processed as a new request. If the NAS wasn't broken, it would re-transmit the request using the same RADIUS Id, and FreeRADIUS would send the same (saved) Access-Accept back, without doing any additional processing. The best advice is to replace the NAS. It's broken. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html