Duplicate Accounting Entries
Hey All Happy Friday! How do you prevent duplicate Accounting entries? Or, might I have something setup incorrectly? SNIP from RADIUS.LOG Fri Sep 6 12:44:27 2002 : Info: Accounting: login: entry for NAS xx.xxx.xx.xx port 39 duplicate Fri Sep 6 12:44:29 2002 : Info: Accounting: login: entry for NAS xx.xxx.xx.xx port 47 duplicate Fri Sep 6 12:44:29 2002 : Info: Accounting: login: entry for NAS xx.xxx.xx.xx port 39 duplicate Fri Sep 6 12:44:31 2002 : Info: Accounting: login: entry for NAS xx.xxx.xx.xx port 47 duplicate /SNIP from RADIUS.LOG Even though I'm using Radius.log to show the error, they end up in the details file as well... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate Accounting Entries
On Fri, 6 Sep 2002, Funk, Michael wrote: Hey All Happy Friday! How do you prevent duplicate Accounting entries? Or, might I have something setup incorrectly? SNIP from RADIUS.LOG Fri Sep 6 12:44:27 2002 : Info: Accounting: login: entry for NAS xx.xxx.xx.xx port 39 duplicate Fri Sep 6 12:44:29 2002 : Info: Accounting: login: entry for NAS xx.xxx.xx.xx port 47 duplicate Fri Sep 6 12:44:29 2002 : Info: Accounting: login: entry for NAS xx.xxx.xx.xx port 39 duplicate Fri Sep 6 12:44:31 2002 : Info: Accounting: login: entry for NAS xx.xxx.xx.xx port 47 duplicate /SNIP from RADIUS.LOG Even though I'm using Radius.log to show the error, they end up in the details file as well... Increase the timeout in your NAS -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: duplicate accounting entries
Have you run tcpdump elsewhere in the network? Are you sure that the packets are making it *out* of the box? Or maybe they're being lost elsewhere in the network. Alan, I put a box with tcpdump between the network our radius servers live on and our border router. It showed that the accounting response packets were definitely making it off the radius servers with the proper source and destination address. So, I guess for whatever reason they are not making it all the way back to the proxy radius server on the other end. It's still curious to me that this only occurs on the server with multiple IPs bound to it's ethernet interface. So, this leaves me talking with our provider. I have doubts about their willingness to debug something like this, though. Is there anything I can do locally to fix the symptoms temporarily? I'm going to have them change their config to talk to an alternate radius server to see if the problem goes away if I can get our tech rep to actually answer his phone (or get to voicemail, for that matter) :( -- Ron Chinn Partner/Unix Admin Amalgamated Systems, LLC Tel: (573)364-5452 Fax: (573)364-7763 Email: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: duplicate accounting entries
The NAS with the problem accounting packets is sending it's requests to the *other* IP address on that machine. Run 'tcpdump' to verify this. I have been watching with tcpdump for a few days. Of course, since I'm watching, the problem hasn't happened very often. It does not show the remote server sending responses to the wrong IP. It wouldn't receive them anyway, as our firewall would block it. I don't see any log entires on the firewall to suggest this is happening. Below is an example of what tcpdump showed when the problem occurs. I've changed the server names, but it's otherwise exactly what happened. In this case, this user had 5 accounting entries for one session. At this point I'm about to move radius off the server I think is causing the problem (local-radius1), though I'd like to find a more elegant solution to the problem if possible. 20:43:36.254630 eth0 remote-auth.datametrics local-radius2.radius: udp 98 20:43:36.254630 eth0 local-radius2.radius remote-auth.datametrics: udp 92 (DF) 20:43:49.545330 eth0 remote-acct.sa-msg-port local-radius1.radacct: udp 108 20:43:49.548465 eth0 local-radius1.radacct remote-acct.sa-msg- port: udp 26 20:43:51.401026 eth0 remote-acct.sa-msg-port local-radius1.radacct: udp 108 20:43:51.404251 eth0 local-radius1.radacct remote-acct.sa-msg- port: udp 26 20:43:53.422493 eth0 remote-acct.sa-msg-port local-radius1.radacct: udp 108 20:43:53.425722 eth0 local-radius1.radacct remote-acct.sa-msg- port: udp 26 20:43:56.374480 eth0 remote-auth.sa-msg-port local-radius2.radius- acct: udp 108 20:43:56.374480 eth0 local-radius2.radius-acct remote- auth.sa-msg-port: udp 26 (DF) 20:43:56.882725 eth0 remote-acct.sa-msg-port local-radius1.radacct: udp 108 20:43:56.885917 eth0 local-radius1.radacct remote-acct.sa-msg- port: udp 26 Thanks, Ron - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: duplicate accounting entries
Ron Chinn [EMAIL PROTECTED] wrote: We have two radius servers, each running freeradius 0.4. They are both set to log to one mysql server. Only one of these servers generates multiple accounting entries, though. It does have two addresses bound to it's ethernet interface, Then that's most likely the problem. but I have freeradius bound to only one of these (ie. bind_address = 192.168.0.1) The NAS with the problem accounting packets is sending it's requests to the *other* IP address on that machine. Run 'tcpdump' to verify this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html