How to deal with this ...

Mon Sep 26 17:25:36 CEST 2005

On Fri, 2005-23-09 at 15:01 -0300, Ezequiel O. Block wrote: 
> Guy Fraser wrote:
> > On Fri, 2005-23-09 at 11:55 -0300, Ezequiel O. Block wrote:
> >> Hi Guys,
> >>
> >> Using Freeradius for authorization, accounting and ip pools management.
> >>
> >> By mistake i turned off my NAS, and when this NAS came back online then 
> >> freeradius began rejecting my users as if they were still connected, 
> >> should my NAS send some kind of "Accounting restart let's start again" 
> >> packet to Freeradius in order to let him know that those users are no 
> >> longer connected? am i right? if not how can i deal with this kind of 
> >> problems? apart from not being so stupid again to turn off a nas by 
> >> mistake ....
> >>
> > Yes your NAS probably should, but many vendors do not include
> > support for Accounting on and Accounting off.
> 
> I'm using MPD on FreeBSD as PPPoe AC, I'm going to ask on their mailing 
> list to see if it does support accounting on/off.
> 
> > 
> > If your NAS does not support Accounting On/Off there is little 
> > you can do. If your NAS supports remote syslog, you could 
> > monitor the log and watch for something that occurs at startup 
> > or shutdown. You could also set up up some kind of "heart beat"
> > monitor that checks to see if the NAS shuts down. You can use 
> > these to close the open accounts on the affected NAS. You will 
> > need to be careful how you account for the interuption in your 
> > billing system because you will not have any accurate accounting 
> > information or stop time. In the past when we have had NAS 
> > failures we did not bill for the session that failed, but to 
> > limit our exposure we set a 100 hour maximum session time, that 
> > way users have to connect at least 7 times per month so we don't 
> > loose a complete billing cycle.
> 
> Thanks a lot for the tip, I just switched back to plain text validation 
> over the NAS itself, to recover from this situation I'm just about to
> 
> 1. DELETE FROM radacct WHERE AcctStopTime is NULL and NASIPAddress = 
> 'a.b.c.d';

Rather than delete the record, maybe set AcctStopTime = AcctStartTime,
AcctSessionTime = 0 and the Termination cause = NAS-Shutdown or
something like that.

I don't have access to a FreeRadius machine this morning, but if I 
remember correctly there is an SQL query defined for Accounting 
On/Off handling.

I don't delete any records from the database and if I update a 
record I set the Termination Cause to indicate why the record was 
updated manually.

> 
> 2. Restart freeRadius to clean up those ips no longer in use?

I have never used IP pools on a radius server, so I don't know the 
best way to flush the unused IPs.

> 
> 3. did I forget something?
> > 

If you are using session/unix files {radutmp and radwtmp} you may 
need to use radzap to clear the entries from them.