Re: NAS resending access-request packets

2002-11-28 Thread arise

On Thu, 28 Nov 2002, Allister Maguire wrote:

 Hello,

 I was wondering if someone could help me with this question.

 If a NAS sends an access-request packet and it does not get a response from the 
radius server within the time limit (3 sec), it then sends another access-request 
packet (with a different packet id).

IMHO, if any of the attributes on the request packet is NOT changed (i.e.
User-Password), it MUST use the same ID, as in the case of retransmissions.
Otherwise, it will use a new one.


 The radius server gets the first (network lag) packet, assigns an IP address from a 
pool, and sends it back. It then receives the second packet (it has a different id, 
so the local cache response is not used), checks the IP pools db, a record exists (NAS IP/Port), 
assigns a new IP address and sends it back.

 Does the NAS discard the access-accept of the first packet, and only accept the 
second? Or does it accept the first it receives? Therefore the IP address the db 
thinks is assigned might not be the same as the IP address the NAS assigns to the 
client.

The NAS should accept the first packet and it would consider the second
packet as a possible double-login attempt. So it would perform some checks
on the session database and send the appropriate access code, i.e. reject if
the user is restricted to single login only.

If the ID, source IP and source UDP port on the client's ACCESS-REQUEST
packet are the same, the server detects it as a duplicate request and it would
be discarded.

Hope this helps,

ronald

 thanks

 Allister Maguire


--
[Never be afraid to try something new.
Remember, amateurs built the ark,
and professionals built the Titanic.]


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
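
Added example, not part of the original thread and not FreeRADIUS code: a toy server that keeps a duplicate-request cache keyed on (source IP, source UDP port, ID) in front of an address pool, showing why a retransmit with the same ID gets the cached answer while a "retransmit" with a new ID triggers a second allocation. The class, the 30-second window, the addresses and the NAS-Port value are all assumptions made for illustration.

```python
import struct
import time

ACCESS_REQUEST = 1
DUP_WINDOW = 30.0  # seconds a reply stays cached (assumed value)

def parse_header(packet: bytes):
    """Return (code, identifier) from the 20-byte RADIUS header."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    return code, ident

class ToyServer:
    """Hypothetical server: address pool plus a duplicate-request cache."""
    def __init__(self, pool):
        self.free = list(pool)
        self.leases = {}   # NAS-Port -> address the pool db believes is assigned
        self.cache = {}    # (src_ip, src_port, id) -> (timestamp, address)

    def handle(self, src_ip, src_port, nas_port, packet, now=None):
        now = time.monotonic() if now is None else now
        code, ident = parse_header(packet)
        if code != ACCESS_REQUEST:
            raise ValueError("not an Access-Request")
        key = (src_ip, src_port, ident)
        hit = self.cache.get(key)
        if hit and now - hit[0] < DUP_WINDOW:
            return hit[1], True        # duplicate: replay the cached answer
        addr = self.free.pop(0)        # treated as a new request: allocate
        self.leases[nas_port] = addr   # overwrites any earlier record
        self.cache[key] = (now, addr)
        return addr, False

def request(ident):
    """Constructed Access-Request header with no attributes."""
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20) + bytes(16)

def demo():
    nas = ("192.0.2.10", 1645)         # constructed NAS source address/port
    good = ToyServer(["10.0.0.1", "10.0.0.2"])
    a1 = good.handle(*nas, 7, request(42), now=0.0)
    a2 = good.handle(*nas, 7, request(42), now=3.0)  # retransmit, same ID
    bad = ToyServer(["10.0.0.1", "10.0.0.2"])
    b1 = bad.handle(*nas, 7, request(42), now=0.0)
    b2 = bad.handle(*nas, 7, request(43), now=3.0)   # resend with a new ID
    return a1, a2, len(good.free), b1, b2, bad.leases[7]
```

In the second case the pool record for the port ends up holding the second address, so a NAS that acts on the first Access-Accept disagrees with the pool database.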



Re: NAS resending access-request packets

2002-11-28 Thread Alan DeKok
Allister Maguire [EMAIL PROTECTED] wrote:
 If a NAS sends an access-request packet and it does not get a response
 from the radius server within the time limit (3 sec), it then sends
 another access-request packet (with a different packet id).

  Then the NAS is broken.  See the RFCs for how to handle
retransmits.

  Alan DeKok.
