[EMAIL PROTECTED] wrote:
>Read the docs. This is covered in the 'cisco' readme in the 'docs'
>directory.
I did that before posting to the list... ;-).
>You need to add a config command to your cisco NAS that tells them not
>to send the accounting packet until it has assigned the IP.
The docs (correctly, according to Cisco's web site) note that from IOS 11.3
you can do the "aaa accounting update new-info" to do that. Oddly, our
11.2 box has this command in it's config (without error). More importantly,
as noted in my message, the NAS *is* actually sending separate update
messages a few seconds after the initial accounting packets, and those
updates contain the Framed-IP-Address (although it shouldn't?) - this fact
is confirmed by the sqltrace file contents and the FR main debug trace (and
the fact our old RADIUS server saw and used them too). Maybe it's something
to do with the point version of the IOS (11.2(16)P) or something...
whatever...
My point is, even though the Cisco is actually sending updates (although
according to the docs it shouldn't be, FR seems to be gaffing them on the
SQL UPDATES to the database - the SQL statements in the sqltrace debug
showing 'username' being empty ('').
My initial thought was actually that the NAS wasn't including the username
in the update request. Nope - the old RADIUS server picked it up just
fine... the problem only exists with FR. Either that, or the old RADIUS did
some extrapolation to work out the missing user name (e.g. using session
ID's or something). If it wasn't for the fact that this kit is in co-lo
miles away I'd run over there and plug in a sniffer to be sure...
Regards,
SB
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
