RE: Orinoco AP2000 - Logout Entry Has Wrong ID?

[Brian Sumpter]

All,   I may have solved the problem below, but I now think it has caused another.   When I first installed FreeRadius, I noticed that my AP2000 units did not send the Account-Session-Time variable back in the stop packets.  I assume that this is just a “feature” of the Orinoco AP’s to not report session time.  To alleviate that problem, I had taken the Accounting On/Off SQL statement and replaced the Accounting Update statement with it.  The reason I did this was because the Accounting On/Off SQL statement used (logout time – login time) to figure Account-Session-Time rather than expecting it back from the NAS.  This indeed solved my session time issues, and sessions began reporting the proper time.   But I think doing this caused the problem below somehow.  Once I changed it back to the original Accounting Update statement (the one expecting Account-Session-Time variable), the “Wrong ID” problem went away.  Well, it didn’t go away but at least the active sessions are now still in place and I’m not dropping users.  So I guess my question is now how do I get Account-Session-Times when my NAS devices do not report this variable?  Is there an easy way to do this?  I assumed a simple modification to the SQL statement to figure (logout time – login time) would do the trick, but I could be wrong.   Also, my radius logs report every user connection on port 0.  However, in the database everyone is coming in on port 2.  Would this have something to do with the Port 2 Wrong ID issue below?    Thank you!   Brian     -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Sumpter Sent: Friday, September 03, 2004 1:09 PM To: [EMAIL PROTECTED] Subject: Orinoco AP2000 - Logout Entry Has Wrong ID?   Hello everyone!   I’ve been banging my head against a wall for several days now trying to figure out a problem I’m having with AP-2000 units and FreeRadius.  I have 5 AP-2000 units in the field, all upgraded to the latest firmware (2.4.11).  I’ve set everything up to do both Radius authentication and accounting.  Everything works fine actually – to a point.  The accounting part of all this is about to drive me insane.   First the basics.  I’m running the latest stable release of FreeRadius, using MySQL for both authentication and accounting.  This is all running on a RedHat 8.0 machine.  The authentication part of the system is working like gangbusters, and I haven’t found a problem anywhere within that part of the system.  All my problems seem to come from the accounting side of things.   I’m getting these errors in the logs from a few of the AP units:   Error: rlm_radutmp: Logout entry for NAS Reaves Hill 2.4 port 2 has wrong ID   When this happens, the server no longer shows anyone on that particular AP as being logged on, although they are according to the AP themselves.  After a few minutes they will slowly come back as “Logged On” as they re-authenticate, but the errors come back up in the logs again and clear everyone off.   I do have a couple of AP units that are not exhibiting this behavior, and I’ve found the common denominator.  The AP units that appear to work properly only have one user per AP – I never have the accounting errors from those AP’s and session times are working as expected.  But if I connect another client to them, sure enough I get the error and accounting stats go down the tubes again.   I’m WAG that the AP units are assigning different ports to the users as other clients connect than what was reported in the start packets.  I think this is what is confusing everything and causing me grief.  Is there any way to get a unique accounting packet without relying on the Port ID from the AP (Session-ID, maybe)?  Has anyone else noticed these problems when using AP-2000 units with FreeRadius?   If I need to supply more information, just let me know what you need and I’ll post it.   Thank you!   Brian