On Sep 17, 2024, at 12:20 PM, Connor Herring <connorrjherring@gmail.com> wrote:
There's an entry in the radacct table of my SQL database with the MAC address of one of my users. I was under the impression that only successful authentication attempts were recorded in here but there is no record that matches that username in the database to allow it to be successful. I can see it in the radacct file of the NAS in the var/logs/ file of the server but can't see if it was successful or not exactly.
Weirder still, I cannot see this authentication attempt in the radpostauth table.
While accounting is usually tied to authentication, there is no guarantee that's true. The NAS is free to invent random accounting packets and send them to the server.
The MAC address is the same as the MAC of the device that sent the request so I wondered if there had been any record of this sort of thing happening previously. And if so what could cause it?
The NAS did something weird. Why? I dunno... NASes do "inventive" things. Alan DeKok.