Radacct Reused ?

Alan DeKok aland at deployingradius.com
Sun Apr 21 01:50:12 CEST 2019


On Apr 19, 2019, at 6:40 PM, Oscar <oscar at jofre.com> wrote:
> I've serch and found the pice of code that I think creates the unique id

  Yes.

> I'm trying to understand why acctuniqueid=6cf28675aa2c38a046d7f46f65e36e72 has been created again

  Because all of the values used to create it are the same.

> and can't follow this code.
> 
> Where and what is the class I gess {%1} ? hex:&Class ? string:&Class ?

  See "man unlang".

> I think if in my case we go throw:
>                        &Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}"
> 
> Then unique id can be reused because user-name and rest of values can be the same. 

  Yes.

> Where comes the Acct-Session-ID ?

  The NAS sends it.  If you read the debug output, you will see this.

> Sorry for too many questons ... but try to figure out how it works.

  The short answer for the problem here is that the NAS is re-using values for sessions.  It's not supposed to do that.  The Acct-Session-Id is *supposed* to be mostly unique.

  If the NAS is this bad, then no amount of poking the FR config will fix it.  There is literally nothing you can do to stop the problem of re-used sessions.  You have to get a NAS which implements RADIUS properly.  i.e. one that isn't garbage.

  Alan DeKok.




More information about the Freeradius-Users mailing list