<div dir="ltr"><div>Hello All,</div><div><br></div><div>I stumbled onto some unexpected behavior with FreeRADIUS and I'm curious if it's a mis-configuration or a defect. The first thing I did was comment out all places where radutmp and sradutmp were being used. I don't use those files so I figured I'd free up some resources by commenting them out. Upon doing so, I noticed that FreeRADIUS no longer sent accounting-response packets to my NAS; everything else worked fine. However, when I ran radiusd -X from the command line it sent accounting-responses; everything ran perfectly. When I went back to running radiusd as a service, it no longer sent accounting-responses.</div>
<div><br></div><div>To address the issue, I commented out the "unix" line in the accounting module in radiusd.conf. My assumption is that since I commented out the "radwtmp" line in the "unix" section but not the "unix" line in the "accounting" section, radiusd is choking on processing accounting packets because it can't find the radwtmp file. Mis-configuration on my part?</div>
<div><br></div><div>Below you'll find my freeRADIUS version, snippet from my radiusd.conf causing the unexpected behavior containing the "unix" and "accounting" sections, and lastly a snippet from the fixed version of radiusd.conf where the "unix" line is commented out.</div>
<div><br></div><div>Any insight would be greatly appreciated. Thanks for your time.</div><div><br></div><div>FreeRADIUS Version</div><div>ProCurve NAC 800(ac-nac):~ # radiusd -version</div><div>radiusd: FreeRADIUS Version 1.1.6, for host i686-redhat-linux-gnu, built on Jun 3 2008 at 10:26:23</div>
<div>Copyright (C) 2000-2007 The FreeRADIUS server project.</div><div><br></div><div>Snippet of problem radiusd.conf</div><div>Accounting and unix sections of my /etc/raddb/radiusd.conf</div><div><br></div><div><div> unix {</div>
<div> #</div><div> # Cache /etc/passwd, /etc/shadow, and /etc/group</div><div> #</div><div> # The default is to NOT cache them.</div><div> #</div>
<div> # For FreeBSD and NetBSD, you do NOT want to enable</div><div> # the cache, as its password lookups are done via a</div><div> # database, so set this value to 'no'.</div>
<div> #</div><div> # Some systems (e.g. RedHat Linux with pam_pwbd) can</div><div> # take *seconds* to check a password, when the passwd</div><div> # file contains 1000's of entries. For those systems,</div>
<div> # you should set the cache value to 'yes', and set</div><div> # the locations of the 'passwd', 'shadow', and 'group'</div><div> # files, below.</div>
<div> #</div><div> # allowed values: {no, yes}</div><div> cache = no</div><div><br></div><div> # Reload the cache every 600 seconds (10mins). 0 to disable.</div>
<div> cache_reload = 600</div><div><br></div><div> #</div><div> # Define the locations of the normal passwd, shadow, and</div><div> # group files.</div><div> #</div>
<div> # 'shadow' is commented out by default, because not all</div><div> # systems have shadow passwords.</div><div> #</div><div> # To force the module to use the system password functions,</div>
<div> # instead of reading the files, leave the following entries</div><div> # commented out.</div><div> #</div><div> # This is required for some systems, like FreeBSD,</div>
<div> # and Mac OSX.</div><div> #</div><div> passwd = /etc/passwd</div><div> shadow = /etc/shadow</div><div> group = /etc/group</div><div><br></div>
<div> #</div><div> # The location of the "wtmp" file.</div><div> # This should be moved to its own module soon.</div><div> #</div><div> # The only use for 'radlast'. If you don't use</div>
<div> # 'radlast', then you can comment out this item.</div><div> #</div><div> #radwtmp = ${logdir}/radwtmp</div><div> }</div><div><br></div></div><div>accounting {</div>
<div> #</div><div> # Create a 'detail'ed log of the packets.</div><div> # Note that accounting requests which are proxied</div><div> # are also logged in the detail file.</div><div> $INCLUDE ${confdir}/hpidm.accounting.conf</div>
<div> detail</div><div> #daily</div><div><br></div><div> # Update the wtmp file</div><div> #</div><div> # If you don't use "radlast", you can delete this line.</div><div>
unix</div><div><br></div><div> #</div><div> # For Simultaneous-Use tracking.</div><div> #</div><div> # Due to packet losses in the network, the data here</div><div> # may be incorrect. There is little we can do about it.</div>
<div> #radutmp</div><div> #sradutmp</div><div><br></div><div> # Return an address to the IP Pool when we see a stop record.</div><div> # main_pool</div><div><br></div><div> #</div>
<div> # Log traffic to an SQL database.</div><div> #</div><div> # See "Accounting queries" in sql.conf</div><div> # sql</div><div><br></div><div><br></div><div> # Cisco VoIP specific bulk accounting</div>
<div> # pgsql-voip</div><div>}</div><div><br></div><div><br></div><div>Snippet from working radiusd.conf</div><div><div>accounting {</div><div> #</div><div> # Create a 'detail'ed log of the packets.</div>
<div> # Note that accounting requests which are proxied</div><div> # are also logged in the detail file.</div><div> $INCLUDE ${confdir}/hpidm.accounting.conf</div><div> detail</div><div> #daily</div>
<div><br></div><div> # Update the wtmp file</div><div> #</div><div> # If you don't use "radlast", you can delete this line.</div><div> #unix COMMENTED OUT</div><div><br></div><div>
#</div><div> # For Simultaneous-Use tracking.</div><div> #</div><div> # Due to packet losses in the network, the data here</div><div> # may be incorrect. There is little we can do about it.</div>
<div> #radutmp</div><div> #sradutmp</div><div><br></div><div> # Return an address to the IP Pool when we see a stop record.</div><div> # main_pool</div><div><br></div><div> #</div>
<div> # Log traffic to an SQL database.</div><div> #</div><div> # See "Accounting queries" in sql.conf</div><div> # sql</div><div><br></div><div><br></div><div> # Cisco VoIP specific bulk accounting</div>
<div> # pgsql-voip</div><div>}</div></div>
</div>
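A lint for the configuration state described in the post above, added here as an example and not part of the original message or of FreeRADIUS: it reports when `accounting` still lists `unix` while `radwtmp` inside `unix {}` is commented out. The function names and the trimmed sample configuration are constructed for illustration; whether this combination is what stops the Accounting-Response is the poster's assumption, which the check does not establish.

```python
import re

# Constructed sample modelled on the post's radiusd.conf snippets (comments trimmed).
SAMPLE_CONF = """\
unix {
    cache = no
    passwd = /etc/passwd
    #radwtmp = ${logdir}/radwtmp
}
accounting {
    $INCLUDE ${confdir}/hpidm.accounting.conf
    detail
    #daily
    unix
    #radutmp
    #sradutmp
}
"""

def parse_sections(text):
    """Map each section name to the active (uncommented) lines nested inside it."""
    sections, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        opener = re.fullmatch(r"([\w.-]+)(?:\s+[\w.-]+)?\s*\{", line)
        if opener:                               # "name {" or "type name {"
            stack.append(opener.group(1))
            sections.setdefault(opener.group(1), [])
        elif line == "}":
            if stack:
                stack.pop()
        else:
            for name in stack:                   # also credit enclosing sections
                sections[name].append(line)
    return sections

def check_unix_accounting(text):
    """Return (active accounting modules, findings) for the unix/radwtmp combination."""
    sections = parse_sections(text)
    modules = [l for l in sections.get("accounting", []) if re.fullmatch(r"[\w.-]+", l)]
    has_radwtmp = any(re.match(r"radwtmp\s*=", l) for l in sections.get("unix", []))
    findings = []
    if "unix" in modules and not has_radwtmp:
        findings.append("accounting lists 'unix' but unix {} has no active radwtmp")
    return modules, findings

if __name__ == "__main__":
    print(check_unix_accounting(SAMPLE_CONF))
```

Because enclosing sections are credited too, the check still works when `unix {}` sits inside `modules {}` as it does in a full radiusd.conf.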