<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hello everyone.<br>
<br>
I've been going a bit mad on this subject for a while. I am receiving
proxied requests from my upstream provider and I am also doing
authentication locally. The issue I've been experiencing has to do with
this error handed to me from my upstream provider :<br>
<br>
Tue Jan 2 09:47:05 2007 : Error: rlm_sql: Stop packet with zero
session length. (user 'celliott@<snip>', nas 'XXX.XXX.XXX.XXX')<br>
<br>
It seems that this is always the second ISDN connection that has its
session time set to zero.<br>
<br>
Thu Dec 21 23:08:02 2006<br>
Acct-Session-Id = "00009F8B"<br>
Framed-Protocol = PPP<br>
Acct-Authentic = RADIUS<br>
X-Ascend-Connect-Progress = Call-Up<br>
X-Ascend-PreSession-Time = 1<br>
X-Ascend-Xmit-Rate = 64000<br>
X-Ascend-Data-Rate = 64000<br>
Acct-Session-Time = 0<br>
Acct-Input-Octets = 0<br>
Acct-Output-Octets = 0<br>
X-Ascend-Pre-Input-Octets = 233<br>
X-Ascend-Pre-Output-Octets = 102<br>
Acct-Input-Packets = 0<br>
Acct-Output-Packets = 0<br>
X-Ascend-Pre-Input-Packets = 6<br>
X-Ascend-Pre-Output-Packets = 4<br>
Acct-Terminate-Cause = Port-Unneeded<br>
X-Ascend-Disconnect-Cause = No-Reason<br>
Acct-Status-Type = Stop<br>
User-Name = "celliott@<cut>"<br>
Acct-Multi-Session-Id = "00005D0F"<br>
X-Ascend-Multilink-ID = 23823<br>
Acct-Link-Count = 2<br>
X-Ascend-Num-In-Multilink = 2<br>
Framed-IP-Address = XXX.XXX.XXX.XXX<br>
NAS-Port = 20423<br>
NAS-Port-Id = "Serial7/4:23"<br>
NAS-Port-Type = ISDN<br>
Calling-Station-Id = "0217624546"<br>
Connect-Info = "64000 HDLC"<br>
Called-Station-Id = "0000"<br>
Service-Type = Framed-User<br>
NAS-IP-Address = XXX.XXX.XXX.XXX<br>
Acct-Delay-Time = 30<br>
Vendor-1431-Attr-1 = 0x4449414c<br>
Proxy-State = 0x3936<br>
Client-IP-Address = QQQ.QQQ.QQQ.QQQ<br>
Hint = "KING"<br>
Acct-Unique-Session-Id = "2b29fa83d47585d9"<br>
Timestamp = 1166735282<br>
<br>
What I would like, is to avoid radrelay for those packets as it only
jams up the radrelay queue when this happens while the logging to sql
works.<br>
The config below is insuffiecient as this is what leads me up to a
radrelay jam.<br>
<br>
[root@CCCCC:/var/log/freeradius/radacct] ls -hal<br>
total 6.4M<br>
drwxr-xr-x 2 freerad freerad 120 2006-12-21 23:08 .<br>
drwxr-xr-x 3 freerad freerad 872 2006-12-31 06:30 ..<br>
-rw------- 1 freerad freerad 6.3M 2007-01-02 08:45 detail-radrelay<br>
-rw------- 1 freerad freerad 1.2K 2006-12-21 23:08 detail-radrelay.work<br>
<br>
BTW is there a way to specify an OR / AND operator below for
acct_users? So that I can say something like <br>
<br>
DEFAULT [ Client-IP-Address == "XXX.XXX.XXX.XXX" ||<br>
Client-IP-Address == "YYY.YYY.YYY.YYY" ||<br>
Client-IP-Address == "ZZZ.ZZZ.ZZZ.ZZZ"
&&<br>
Acct-Session-Time == "0" ] , Acct-type :=
"REMOTE-AUTH"<br>
<br>
<b>acct_users</b><br>
# Do not radrelay these packets:<br>
DEFAULT Acct-Session-Time == "0", Acct-type := "REMOTE-AUTH"<br>
<br>
# This Configuration prevents Accouting loops of a two-way radrelay sync<br>
# [o] Radrelay must be sending accounting info from IP(s) below<br>
# on the other Radius server(s)<br>
DEFAULT Client-IP-Address == "XXX.XXX.XXX.XXX", Acct-type :=
"REMOTE-AUTH"<br>
DEFAULT Client-IP-Address == "YYY.YYY.YYY.YYY", Acct-type :=
"REMOTE-AUTH"<br>
DEFAULT Client-IP-Address == "ZZZ.ZZZ.ZZZ.ZZZ", Acct-type :=
"REMOTE-AUTH"<br>
# Everyone else must still be radrelay'ed<br>
DEFAULT Acct-type := "LOCAL-AUTH"<br>
<br>
<b>radiusd.conf</b><br>
accounting {<br>
# 2006-09-27: EPP<br>
# If Acct-Type is LOCAL-AUTH then log to sql module AND to
detail file<br>
# for radrelay - accounting sync daemon<br>
Acct-Type LOCAL-AUTH {<br>
radrelay<br>
sql<br>
}<br>
# 2006-11-24: EPP<br>
# If accounting packet is from one of our other radius servers,
then<br>
# just log it to sql...otherwise we will end up with an
Accouting packet<br>
# storm/loop.<br>
Acct-Type REMOTE-AUTH {<br>
sql<br>
}<br>
[snip...]<br>
<br>
<pre class="moz-signature" cols="72">--
Kind Regards
Etienne
</pre>
</body>
</html>