I discovered that our Cisco 5200 resends acct-requests (not sure about
auth-requests) with different request identifiers, which violates
RFC 2866. Here is sample debug output (note the id's!):
rad_recv: Accounting-Request packet from host cisco-5200:1646, id=205, length=119
Sun Jun 1 13:57:15 2003 : Debug: Thread 4 assigned request 7988
Sun Jun 1 13:57:15 2003 : Debug: --- Walking the entire request list ---
Sun Jun 1 13:57:15 2003 : Debug: Waking up in 1 seconds...
Sun Jun 1 13:57:15 2003 : Debug: Thread 4 handling request 7988, (1373 handled so far)
NAS-IP-Address = ...
NAS-Port = 52
NAS-Port-Type = Async
User-Name = "some-user"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "00010CC2"
Framed-Protocol = PPP
Framed-IP-Address = ...
Acct-Delay-Time = 0
...
(this request was being processed more than 5 seconds)
...
rad_recv: Accounting-Request packet from host cisco-5200:1646, id=206, length=119
Sun Jun 1 13:57:20 2003 : Debug: Thread 7 assigned request 7992
Sun Jun 1 13:57:20 2003 : Debug: --- Walking the entire request list ---
Sun Jun 1 13:57:20 2003 : Debug: Threads: total/active/spare threads = 7/1/6
Sun Jun 1 13:57:20 2003 : Debug: Waking up in 1 seconds...
Sun Jun 1 13:57:20 2003 : Debug: Thread 7 handling request 7992, (543 handled so far)
NAS-IP-Address = ...
NAS-Port = 52
NAS-Port-Type = Async
User-Name = "user-name"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "00010CC2"
Framed-Protocol = PPP
Framed-IP-Address = ...
Acct-Delay-Time = 5
Finally, both requests are logged successfully, so we got two active
sessions for the same request.
Alan would say "So, fix the NAS!", but it doesn't seem possible.
(I'll feel myself happy if I'm wrong)
Please, let me know if you saw similar things and if you have found a
workarond. Thanks in advance.
--
Fduch M. Pravking
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
