Hi folks,

I've deployed FR2 to service 802.1X wireless authentication (Cisco LWAPP infrastructure), and it's working splendidly from the users' perspective. Accounting, however, is acting weirdly, and I have yet to determine why. 'radlast' gives output like this:

    gsmith  029:CvbP6g  10.1.2.3       Tue Jan 13 17:48 - 17:54  (00:06)
    mjones  029:CvbP9A  10.2.8.9       Tue Jan 13 17:25 - 17:34  (00:09)
    mjones  029:CvbP9A  192.168.2.2    Tue Jan 13 17:25 - 17:25  (00:00)
    bblack  029:CvbP9A  10.1.1.9       Tue Jan 13 17:24 - 17:25  (00:01)
    cwhite  029:CvbP6g  10.1.2.4       Tue Jan 13 17:23 - 17:24  (00:00)
    cwhite  029:CvbP6g  10.1.2.4       Tue Jan 13 17:23 - 17:23  (00:00)
    cwhite  029:CvbP6g  10.250.59.255  Tue Jan 13 17:23 - 17:23  (00:00)
    cwhite  029:CvbP6g  10.250.59.255  Tue Jan 13 17:23 - 17:23  (00:00)
    mbrown  029:CvbP9A  10.9.8.7       Tue Jan 13 17:23 - 17:24  (00:00)
    mbrown  029:CvbP9A  192.168.0.6    Tue Jan 13 17:23 - 17:23  (00:00)
    ...

(note the very brief session lengths)

'radwho' reacts accordingly, only listing those users whose very brief window of "accounting existence" has not yet closed. If you've heard this tune before, please feel free to send a link to the appropriate mailing list thread or wiki article.

The LWAPP controllers send accounting start packets to the RADIUS server as expected, but shortly thereafter, send accounting stop messages. I fell asleep part of the way through RFC3580, so I humbly ask the experts: is this "correct" behavior, consistent with the protocol (or at least, most implementations of the protocol)? Do most 802.1X authenticators not wait for actual port closure to send an accounting stop message?

In a thread from back in June of 2008 (Vol 38, Issues 116, 121, and 122: "radacct/radutmp out of sync"), Alan refers to radutmp as a hack, and recommends moving to an SQL database. Is this the way I should be going? People around here like 'radwho', but I'm happy to write a script called 'radwho' that performs an SQL query.

And if this is a known issue, is there a widely-accepted method for addressing the lack of coincidence between the accounting stop messages and actual closure of the port, or is everyone left to make their own assumptions about that?

Many thanks,

-sth

sam hooker|http://www.noiseplant.com|i am between the internet
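
An SQL-backed 'radwho' of the kind the message considers, as an added example that is not part of the original post and not FreeRADIUS's own code. It assumes accounting is logged to a radacct table with the column names used below (only a subset is modelled), uses constructed rows in an in-memory SQLite database, and also lists sessions that closed within a threshold, the symptom described above.

```python
import sqlite3

# Constructed sample rows: (username, nasportid, framedipaddress, start, stop).
# stop is None while no Accounting-Stop has been recorded for the session.
SAMPLE_ROWS = [
    ("gsmith", "29", "10.1.2.3", "2009-01-13 17:48:00", "2009-01-13 17:54:00"),
    ("mjones", "29", "192.168.2.2", "2009-01-13 17:25:00", "2009-01-13 17:25:20"),
    ("cwhite", "29", "10.1.2.4", "2009-01-13 17:23:00", "2009-01-13 17:23:05"),
    ("bblack", "29", "10.1.1.9", "2009-01-13 17:55:00", None),
]

def load(rows):
    """Build an in-memory table; column names are an assumed radacct subset."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE radacct (username TEXT, nasportid TEXT, "
        "framedipaddress TEXT, acctstarttime TEXT, acctstoptime TEXT)"
    )
    conn.executemany("INSERT INTO radacct VALUES (?, ?, ?, ?, ?)", rows)
    return conn

def radwho(conn):
    """Sessions with a Start but no Stop yet, i.e. users considered online."""
    return conn.execute(
        "SELECT username, nasportid, framedipaddress, acctstarttime "
        "FROM radacct WHERE acctstoptime IS NULL ORDER BY acctstarttime"
    ).fetchall()

def brief_sessions(conn, max_seconds=60):
    """Closed sessions whose Stop followed the Start within max_seconds."""
    duration = "strftime('%s', acctstoptime) - strftime('%s', acctstarttime)"
    return conn.execute(
        f"SELECT username, framedipaddress, {duration} AS secs "
        f"FROM radacct WHERE acctstoptime IS NOT NULL AND {duration} <= ? "
        "ORDER BY acctstarttime",
        (max_seconds,),
    ).fetchall()

if __name__ == "__main__":
    db = load(SAMPLE_ROWS)
    print("online:")
    for row in radwho(db):
        print("  ", *row)
    print("closed within 60s of start:")
    for user, ip, secs in brief_sessions(db):
        print(f"   {user} {ip} {secs}s")
```

A query like this reports a user as online only until the Stop for that session is recorded, so it reflects whatever the NAS sends.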

