> The NAS with the problem accounting packets is sending it's requests to > the *other* IP address on that machine. > Run 'tcpdump' to verify this.
I have been watching with tcpdump for a few days. Of course, since I'm watching, the problem hasn't happened very often. It does not show the remote server sending responses to the wrong IP. It wouldn't receive them anyway, as our firewall would block it. I don't see any log entires on the firewall to suggest this is happening. Below is an example of what tcpdump showed when the problem occurs. I've changed the server names, but it's otherwise exactly what happened. In this case, this user had 5 accounting entries for one session. At this point I'm about to move radius off the server I think is causing the problem (local-radius1), though I'd like to find a more elegant solution to the problem if possible. 20:43:36.254630 eth0 < remote-auth.datametrics > local-radius2.radius: udp 98 20:43:36.254630 eth0 > local-radius2.radius > remote-auth.datametrics: udp 92 (DF) 20:43:49.545330 eth0 < remote-acct.sa-msg-port > local-radius1.radacct: udp 108 20:43:49.548465 eth0 > local-radius1.radacct > remote-acct.sa-msg- port: udp 26 20:43:51.401026 eth0 < remote-acct.sa-msg-port > local-radius1.radacct: udp 108 20:43:51.404251 eth0 > local-radius1.radacct > remote-acct.sa-msg- port: udp 26 20:43:53.422493 eth0 < remote-acct.sa-msg-port > local-radius1.radacct: udp 108 20:43:53.425722 eth0 > local-radius1.radacct > remote-acct.sa-msg- port: udp 26 20:43:56.374480 eth0 < remote-auth.sa-msg-port > local-radius2.radius- acct: udp 108 20:43:56.374480 eth0 > local-radius2.radius-acct > remote- auth.sa-msg-port: udp 26 (DF) 20:43:56.882725 eth0 < remote-acct.sa-msg-port > local-radius1.radacct: udp 108 20:43:56.885917 eth0 > local-radius1.radacct > remote-acct.sa-msg- port: udp 26 Thanks, Ron - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html