Alan DeKok wrote:
Joe Maimon wrote:
What is the best way to deal with misbehaving nas's that send accounting
to both the primary and secondary server, even while receiving replies
to both queries.
Throw it away, and buy a real NAS.
The customer uses this nas for a product that is in its endoflife. It
has been in place for quite some time. Previously, this "feature" was
unwittingly used to have accounting sent to two different unrelated
systems, where it was needed on both.
So long as it works, there will be no more capital investments, which
have been investigated to an extent.
I guess I should learn to *not* be shocked by how bad the NAS
equipment is.
The nas has a concept of server groups, primary and secondary. Each
group can be configured with up to three ip address
destination/ports/secrets.
However, failover when using just one group seems to be problematic. On
the other hand, with both server groups enabled, duplicate accounting.
This results in multiple accounting records in sql, with duplicate
acctsessionid and acctuniqueid values.
The NAS sends *different* Acct-Session-Id values for the same session?
No, those values are identical. Two rows in mysql are created with those
identical values.
It's definitely a piece of garbage. What the heck would it do if it
failed over from one RADIUS server to another? Change the session Id?
I think it could use a software update. Unfortunately, I cant find
anywhere anyone offering official support, product line was sold,
discontinued, it is EOL, something.
Assuming the NAS cannot be properly configured, either for technical or
other reasons, these are the potential options.
- configure only one of the primary or secondary on the NAS
That MIGHT work. See above.
It would work fine, and since this setup uses anycast (sticky) not lose
all that much in the way of redundancy. Its more or less how it is setup
now - but I dont like it.
The device is a 3com hiper arc, used for analog modem dialup.
- get the server to recognize the existing record and update it instead
of inserting a new one
What are the contents of the accounting packets? How could you use
those contents to determine that two packets were about the "same" session?
No, each server gets ONE start packet.
i.e. post some packet contents here. Odds are that you can look at
NAS-IP-Address, NAS-Port, and maybe User-Name. If those all match, odds
are it's for the same session, even if Acct-Session-Id is different.
They are the same.
Now there is account_start_query_alt, but that appears to only be called
if the account_start_query fails.
With the default mysql schema, I dont think there is anything to cause
that query to ever fail.
Tips and advice are greatly appreciated.
Tell the NAS vendor that their product is horrible. Get THEM to fix
the problem.
Having all of their customers deploy "work-arounds" just encourages
idiots. If all of their customers called, complained, and threatened to
return the equipment, you can bet it would get fixed in a hurry.
Alan DeKok.
I agree with you but that time has passed, at least for this equipment.
I suppose my question is when and how is the account_start_query_alt
used, and can I use that to prevent duplicate accounting rows in sql?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
