Hello Jeremy -
On Tue, 21 Mar 2000, Jeremy C. Reed wrote:
> On Thu, 16 Mar 2000, Hugh Irvine wrote:
>
> > Hello Jeremy -
> >
> > On Thu, 16 Mar 2000, Jeremy C. Reed wrote:
> > > Our accounting details files on different servers for the past couple
> > > weeks have been logging the same information. We recently upgraded
> > > Radiator a couple weeks ago.
> > >
> > > Our Ascend and Erickson access servers have the IPs for each of our
> > > accounting servers. Before, only one or the other recorded the
> > > information; now both are recording the exact information. The only thing
> > > that is different is the formatted date and time (not the Timestamp
> > > value). It appears to be exactly 45 seconds apart -- which is the same as
> > > our Ascent TNT's timeout value.
> > >
> > > Does anyone have any ideas where to look, how to further trouble-shoot
> > > this or what settings to use to get the logging only done once?
> > >
> >
> > I think I will need to see the configuration files (no secrets) and a trace 4
> > debug from both Radiator servers as well.
>
> I also noticed that the same server also logs accounting information
> duplicate times.
>
> For example, I did a:
> grep "Acct-Session-Id" detail | sort
> and some if the Acct-Session-Id's were listed over five times.
> Then I looked in the detail file for these Id's and some were duplicate
> accounting information, but also the same Id was used for other
> connections (different users). So it is not unique.
>
> Here are the configuration files:
> http://www.iwbc.net/~jcr/temp-radiator/radiator.cfg
> http://www.iwbc.net/~jcr/temp-radiator/proxies.cfg
> (The same configs are on both servers.)
>
> Here is some Trace 4 logging:
> http://www.iwbc.net/~jcr/temp-radiator/logfile-ns2
> http://www.iwbc.net/~jcr/temp-radiator/logfile-bu-sea
>
> For example, Acct-Session-Ids 278956876 and 278956941
> are logged six times each on bu-sea; twice on ns2.
>
The problem you have is due to the fact that you have configured a number of
AuthBy RADIUS clauses with the "NoForwardAccounting" parameter. The trace file
shows that Radiator receives the accounting request from the NAS, and correctly
does nothing with it. The NAS then resends the request, per the RFC, after each
timeout period with the AcctDelayTime incremented.
You are correct though in implying that this configuration used to work with
previous versions of Radiator - there was a change in AuthRADIUS.pm that now
Ignores instead of Accepts when NoForwardAccounting or NoForwardAuthentication
is set. The fix is to add the AccountingHandled parameter to each of your
Realms where this is an issue.
We have added a note in the revision file mentioning this.
Thanks for pointing out the problem.
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
