Proxying accounting to create a 'tee'

Arran Cudbard-Bell a.cudbard-bell at sussex.ac.uk
Sat Aug 22 12:53:16 CEST 2009 

Fajar A. Nugraha wrote:
> On Sat, Aug 22, 2009 at 7:59 AM, Arran
> Cudbard-Bell<A.Cudbard-Bell at sussex.ac.uk> wrote:
>   
>> On 21/08/2009 21:15, John Morrissey wrote:
>>     
>
>   
>>> Is decoupled-accounting (writing all detail to disk and replaying it
>>> serialized with a detail listener) the only way to configure FreeRADIUS to
>>> respond to the NAS?
>>>
>>>       
>> Yes. Otherwise it'll wait for the response from the proxy server, and proxy the Accounting-Response from the proxy server back to the NAS. It's the only way the NAS could be sure the remote server
>> received the Accounting-Request.
>>     
>
> In that setup, where does one get AcctStartTime and AcctStopTime values?
>   
The RADIUS server records the amount of delay between the packet being
received and the packet being entered into the database, you then have
to compensate for this (you should be already) when you read
Accounting-Sessions out of the database.

The attribute it uses is Acct-Delay-Time, and it's a simple sum of the
received Acct-Delay-Time and how much time has passed since the request
was written to the detail file.

To calculate the real AcctStartTime and AcctStopTime, you may use the
following SQL snippets:

(UNIX_TIMESTAMP(`acctstarttime`) - `acctstartdelay`) as 'acctstartadj'
(UNIX_TIMESTAMP(`acctstoptime`) - `acctstopdelay`) as 'acctstopadj'

Or just use whatever functions are available in your scripting environment.
> - is it from the NAS?
>   
No, the NAS doesn't include any timestamps. There is no guarantee that
the NAS's clock would be in sync. Including an Acct-Delay-Time attribute
means that timestamps are calculated using a common reference (the local
time on the server).
> - is it determined by the radius when writing to detail file, and
> everything after that simply reads what's in the detail file?
>   
When the packet is written to the detail file, an attribute is written
along with the request attributes (I think it's something like
Packet-Original-Timestamp), this is subtracted from the current time and
added to the original Acct-Delay-Time value.

> - Or does every radius/SQL server involved create its own depending on
> when it receives the packet/query?
>
>   
RADIUS server creates its own.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090822/09b26c26/attachment.pgp>

More information about the Freeradius-Users mailing list