The output below is copied from radwho.cgi and are
from the same NAS:
|
user |
207.202.136.8 | 7 | 9600C068 | Wed Apr 19 17:26:23 2000 | 207.202.137.169 | Async | Framed-User | |
| user@domain | 207.202.136.8 | 5 | 9600C078 | Wed Oct 6 15:27:10 1999 | 207.202.137.171 | Async | Framed-User | |
| user@domain | 207.202.136.8 | 24 | 9600C06C | Wed Aug 18 15:25:28 1999 | 207.202.137.151 | Async | Framed-User | |
| user@domain | 207.202.136.8 | 0 | 9600C076 | Wed Aug 18 14:56:39 1999 | 207.202.137.146 | Async | Framed-User | |
| user | 207.202.136.8 | 26 | 9600C04C | Wed Apr 19 16:59:45 2000 | 207.202.137.144 | Async | Framed-User | |
| user@domain | 207.202.136.8 | 27 | 9600C06D | Wed Aug 18 15:25:32 1999 | 207.202.137.172 | Async | Framed-User | |
| user@domain | 207.202.136.8 | 18 | 9600C050 | Wed Nov 24 15:53:22 1999 | 207.202.137.167 | Async | Framed-User | |
| user | 207.202.136.8 | 36 | 9600C047 | Wed Apr 19 16:57:14 2000 | 207.202.137.180 | Async | Framed-User | |
| user | 207.202.136.8 | 8 | 9600C079 | Wed Apr 19 17:34:21 2000 | 207.202.137.166 | Async | Framed-User | |
| user@domain | 207.202.136.8 | 3 | 9600C05C | Wed Aug 18 16:09:02 1999 | 207.202.137.173 | Async | Framed-User | |
| user | 207.202.136.8 | 34 | 9600C05E | Wed Apr 19 17:15:54 2000 | 207.202.137.153 | Async | Framed-User | |
| user@domain | 207.202.136.8 | 2 | 9600C052 | Wed Jun 30 16:38:37 1999 | 207.202.137.155 | Async | Framed-User | |
| user | 207.202.136.8 | 25 | 9600C057 | Wed Apr 19 17:12:38 2000 | 207.202.137.154 | Async | Framed-User | |
| user | 207.202.136.8 | 30 | 9600C058 | Wed Apr 19 17:12:41 2000 | 207.202.137.143 | Async | Framed-User | |
| user | 207.202.136.8 | 6 | 9600C053 | Wed Apr 19 17:07:27 2000 | 207.202.137.175 | Async | Framed-User | |
| user | 207.202.136.8 | 13 | 9600C069 | Wed Apr 19 17:26:27 2000 | 207.202.137.177 | Async | Framed-User | |
| user | 207.202.136.8 | 35 | 9600C06F | Wed Apr 19 17:26:43 2000 | 207.202.137.188 | Async | Framed-User | |
| user@domain | 207.202.136.8 | 28 | 9600C040 | Wed Aug 18 17:28:52 1999 | 207.202.137.159 | Async | Framed-User | |
| user | 207.202.136.8 | 19 | 9600C03F | Wed Apr 19 16:55:45 2000 | 207.202.137.131 | Async | Framed-User |
All of the user-names with realms attached have
timestamps of 1999. The dates in the detail file are fine but I went and grabbed
the timestamp field from the detail file for each of these session ID's and ran
a Perl localtime() on them and got the same sort of thing you see. The
"1999" sessions were showing HUGE Acct-Delay-Times as well, some over 150 days!
Radiator is proxying the "@domain" logins to a Merit AAA server. (The names have
been changed to protect the innocent.) The non-realm logins (no @domain) are
being forwarded to a Livingston 2.1 RADIUS server. The dates are correct on all
the machines and the Human-Readable date on the first line of each RADIUS detail
record is correct on all servers, only the Timestamp and Acct-Delay-Time fields
are flipping out on the Merit side. The only reason I don't outright and
completely suspect Merit is that the Portmaster generates Acct-Delay-Time and
Timestamp.
The Radiator server is NOT forwarding accounting to
the Merit server. (NoForwardAccounting)
Radiator IS forwarding accounting to the Livingston
server.
If I run Radiator at trace level 4 those HUGE
Acct-Delay-Times and 1999 Timestamps are indeed in the packet dumps.
==== Begin Example:
*** Received from <ip address of Portmaster
3> port 1026 ....
Code: Accounting-Request
Identifier: 30
Authentic: <254>R<249><139>yh<128>?99ux(<178><219><177>
Attributes:
Acct-Session-Id = "3B014C21"
User-Name = "username"
NAS-IP-Address = <ip address of PM3>
Code: Accounting-Request
Identifier: 30
Authentic: <254>R<249><139>yh<128>?99ux(<178><219><177>
Attributes:
Acct-Session-Id = "3B014C21"
User-Name = "username"
NAS-IP-Address = <ip address of PM3>
NAS-Port
= 7
NAS-Port-Type = Async
Acct-Status-Type = Stop
Acct-Session-Time = 3115
Acct-Authentic = RADIUS
Connect-Info = "26400 LAPM/V42BIS"
Acct-Input-Octets = 177754
Acct-Output-Octets = 2767020
Acct-Terminate-Cause = User-Request
Livingston = "User Request - Call Circuit Closed"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = <ip address>
NAS-Port-Type = Async
Acct-Status-Type = Stop
Acct-Session-Time = 3115
Acct-Authentic = RADIUS
Connect-Info = "26400 LAPM/V42BIS"
Acct-Input-Octets = 177754
Acct-Output-Octets = 2767020
Acct-Terminate-Cause = User-Request
Livingston = "User Request - Call Circuit Closed"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = <ip address>
Acct-Delay-Time = 16583197
==== End Example
Merit AAA is running on BSDI 4.0 (x86)
Livingston 2.1 is running on OpenBSD 2.6
(x86)
Radiator 2.15 is running on FreeBSD 3.1-RELEASE
(x86) with Perl 5.005_02
Thanks very much for taking the time to get this
far. =)
-Bryn
