I know that this is FreeRadius forum, but since ICRadius forum is almost dead i thought someone can help me, here. It turns out this morning that I have over 1,800,000 records in my RadAcct table with blank username. Probably I am under attack. The record is so much different than regular user records authenticated through NAS server. In each record AcctSessionTime=1
No HTML please, quite aside from the off-topic.
NASPortType Virtual AcctAuthentic local CalledStationId first 10 char of A.B.C.D AcctTerminateCause Lost-Carrier Service-Type NAS-Prompt-User NASPortId 122, 123
I've seen similar requests from our Ascend Max'es. They rather bizarrely send radius requests with weird parameters asking for things like routes, banner messages and so forth. Furthermore I found that unless you reject them outright the NAS will keep spamming you with them - I'm sure there's a way to turn it off, but I just ended up with this in my users' file: DEFAULT Service-Type == Outbound-User, User-Password := 'ascend', Auth-Type := Reject Fall-Through = No You also didn't say whether "A.B.C.D" was the IP of one of your NASes. In any case, you should use ethereal or something similar to capture the traffic and *LOOK* at it. HTH