Free Radius accounting and duplicate session entries in radacct with different output/input octets

Alan DeKok aland at deployingradius.com
Wed Nov 25 16:42:39 CET 2009


Ade Slade wrote:
> Firstly, is the accounting part of FreeRadius used by major
> organisations?

  http://freeradius.org/press/survey.html

  If by "major", you mean "10 million or more users", yes.

> Due to the possibility and indeed occurrence of duplicate
> sessions appearing in the radacct table and other issues I've found, it
> doesn't seem to be all that robust a solution. I realise freeradius is
> just reporting what it is sent from the NAS and so is not to blame.

  RADIUS is a robust solution if you (a) buy a reasonable NAS, and (b)
understand its limitations.

> Secondly, I've experienced duplicate accounting sessions appearing which
> report different input/output octets. Over the set of the data, it has
> happened infrequently but it is undesirable. Comparing the data inserted
> into the radacct table and the logs, one (or more) of the duplicate
> sessions will reflect the logs and one of the duplicates will show
> completely different input/output octets. It's worth noting that these
> duplicate sessions share the same AcctSessionTime, AcctSessionId,
> AcctUniqueId and UserName. Any ideas on what the cause of this could be?

  Your NAS is broken.  Buy a real NAS.

  *ALL* of the data in an accounting packet is generated by the NAS.  If
it sends two packets for the same user with the same session time,
session Id, and username, BUT different input/output octets, then it's
BROKEN.

  Alan DeKok.



More information about the Freeradius-Users mailing list