misbehaving nas's send accounting to both primary and secondary servers
Alan DeKok
aland at deployingradius.com
Thu Oct 1 08:57:15 CEST 2009
Joe Maimon wrote:
> What is the best way to deal with misbehaving nas's that send accounting
> to both the primary and secondary server, even while receiving replies
> to both queries.
Throw it away, and buy a real NAS.
I guess I should learn to *not* be shocked by how bad the NAS
equipment is.
> This results in multiple accounting records in sql, with duplicate
> acctsessionid and acctuniqueid values.
The NAS sends *different* Acct-Session-Id values for the same session?
It's definitely a piece of garbage. What the heck would it do if it
failed over from one RADIUS server to another? Change the session Id?
> Assuming the NAS cannot be properly configured, either for technical or
> other reasons, these are the potential options.
>
> - configure only one of the primary or secondary on the NAS
That MIGHT work. See above.
> - get the server to recognize the existing record and update it instead
> of inserting a new one
What are the contents of the accounting packets? How could you use
those contents to determine that two packets were about the "same" session?
i.e. post some packet contents here. Odds are that you can look at
NAS-IP-Address, NAS-Port, and maybe User-Name. If those all match, odds
are it's for the same session, even if Acct-Session-Id is different.
> Now there is account_start_query_alt, but that appears to only be called
> if the account_start_query fails.
>
> With the default mysql schema, I dont think there is anything to cause
> that query to ever fail.
>
> Tips and advice are greatly appreciated.
Tell the NAS vendor that their product is horrible. Get THEM to fix
the problem.
Having all of their customers deploy "work-arounds" just encourages
idiots. If all of their customers called, complained, and threatened to
return the equipment, you can bet it would get fixed in a hurry.
Alan DeKok.
More information about the Freeradius-Users
mailing list