The output below is copied from radwho.cgi and are from the same NAS:
 
user
207.202.136.8 7 9600C068 Wed Apr 19 17:26:23 2000 207.202.137.169 Async Framed-User
user@domain 207.202.136.8 5 9600C078 Wed Oct 6 15:27:10 1999 207.202.137.171 Async Framed-User
user@domain 207.202.136.8 24 9600C06C Wed Aug 18 15:25:28 1999 207.202.137.151 Async Framed-User
user@domain 207.202.136.8 0 9600C076 Wed Aug 18 14:56:39 1999 207.202.137.146 Async Framed-User
user 207.202.136.8 26 9600C04C Wed Apr 19 16:59:45 2000 207.202.137.144 Async Framed-User
user@domain 207.202.136.8 27 9600C06D Wed Aug 18 15:25:32 1999 207.202.137.172 Async Framed-User
user@domain 207.202.136.8 18 9600C050 Wed Nov 24 15:53:22 1999 207.202.137.167 Async Framed-User
user 207.202.136.8 36 9600C047 Wed Apr 19 16:57:14 2000 207.202.137.180 Async Framed-User
user 207.202.136.8 8 9600C079 Wed Apr 19 17:34:21 2000 207.202.137.166 Async Framed-User
user@domain 207.202.136.8 3 9600C05C Wed Aug 18 16:09:02 1999 207.202.137.173 Async Framed-User
user 207.202.136.8 34 9600C05E Wed Apr 19 17:15:54 2000 207.202.137.153 Async Framed-User
user@domain 207.202.136.8 2 9600C052 Wed Jun 30 16:38:37 1999 207.202.137.155 Async Framed-User
user 207.202.136.8 25 9600C057 Wed Apr 19 17:12:38 2000 207.202.137.154 Async Framed-User
user 207.202.136.8 30 9600C058 Wed Apr 19 17:12:41 2000 207.202.137.143 Async Framed-User
user 207.202.136.8 6 9600C053 Wed Apr 19 17:07:27 2000 207.202.137.175 Async Framed-User
user 207.202.136.8 13 9600C069 Wed Apr 19 17:26:27 2000 207.202.137.177 Async Framed-User
user 207.202.136.8 35 9600C06F Wed Apr 19 17:26:43 2000 207.202.137.188 Async Framed-User
user@domain 207.202.136.8 28 9600C040 Wed Aug 18 17:28:52 1999 207.202.137.159 Async Framed-User
user 207.202.136.8 19 9600C03F Wed Apr 19 16:55:45 2000 207.202.137.131 Async Framed-User
 
All of the user-names with realms attached have timestamps of 1999. The dates in the detail file are fine but I went and grabbed the timestamp field from the detail file for each of these session ID's and ran a Perl localtime() on them and got the same sort of thing you see. The "1999" sessions were showing HUGE Acct-Delay-Times as well, some over 150 days! Radiator is proxying the "@domain" logins to a Merit AAA server. (The names have been changed to protect the innocent.) The non-realm logins (no @domain) are being forwarded to a Livingston 2.1 RADIUS server. The dates are correct on all the machines and the Human-Readable date on the first line of each RADIUS detail record is correct on all servers, only the Timestamp and Acct-Delay-Time fields are flipping out on the Merit side. The only reason I don't outright and completely suspect Merit is that the Portmaster generates Acct-Delay-Time and Timestamp.
 
The Radiator server is NOT forwarding accounting to the Merit server. (NoForwardAccounting)
Radiator IS forwarding accounting to the Livingston server.
 
If I run Radiator at trace level 4 those HUGE Acct-Delay-Times and 1999 Timestamps are indeed in the packet dumps.
 
==== Begin Example:
*** Received from <ip address of Portmaster 3> port 1026 ....
Code:       Accounting-Request
Identifier: 30
Authentic:  <254>R<249><139>yh<128>?99ux(<178><219><177>
Attributes:
        Acct-Session-Id = "3B014C21"
        User-Name = "username"
        NAS-IP-Address = <ip address of PM3>
        NAS-Port = 7
        NAS-Port-Type = Async
        Acct-Status-Type = Stop
        Acct-Session-Time = 3115
        Acct-Authentic = RADIUS
        Connect-Info = "26400 LAPM/V42BIS"
        Acct-Input-Octets = 177754
        Acct-Output-Octets = 2767020
        Acct-Terminate-Cause = User-Request
        Livingston = "User Request - Call Circuit Closed"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = <ip address>
        Acct-Delay-Time = 16583197
 
==== End Example
 
Merit AAA is running on BSDI 4.0 (x86)
Livingston 2.1 is running on OpenBSD 2.6 (x86)
Radiator 2.15 is running on FreeBSD 3.1-RELEASE (x86) with Perl 5.005_02
 
Thanks very much for taking the time to get this far. =)
-Bryn
 

Reply via email to