[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-gnu-radius] Accounting trail in a proxy setup
From: |
Maurice Makaay |
Subject: |
Re: [Bug-gnu-radius] Accounting trail in a proxy setup |
Date: |
Wed, 21 Jul 2004 16:24:46 +0200 |
Sergey,
> > This was one of the scenario's I had in mind. The reason for
> > not logging the detail record is _for sure_ that the remote party does
> > not return an Accounting-Accept packet.
>
> Oops. But then, the terminal equipment does not receive it as
> well. Is it OK? And (if it is configured as usual) it is
> retrying to send the same accounting packet again... and again...
It's not configured to resend accounting forever, so the sending will
stop eventually. I think it will send 3 packets to our radiusserver
and 3 packets to our backup radiusserver. After that, the radiusserver
will just give up.
> > realm 1.2.3.4:1812 fwacct=1.2.3.4:1813
>
> What exactly should fwacct flag do?
Something like:
realm 1.2.3.4:1812 auth,acct
but instead it will not _proxy_ the accounting for the realm, but it will just
_forward_ it (just like the "forward" keyword in raddb/config would accomplish,
except that now forwarding is only done for the specified realm). In this case
I do not really care if our customer catches the accounting packet or not, so
non-proxy forwarding would be OK. The most important thing is that we have an
accurate accounting for our own billing proces.
BTW: I think fwacct=1.2.3.4:1813 is a bit strange and feel more for the other
option I proposed: just "fwacct". The radiusserver+port to which the accounting
must be sent can of course already be found in column 2 of the file. So as far
as accounting is concerned, you would get the following options:
realm 1.2.3.4:1812 noacct -> accounting is done 100% locally
realm 1.2.3.4:1812 acct -> accounting is proxied to 1.2.3.4
realm 1.2.3.4:1812 fwacct -> accounting is forwarded to 1.2.3.4
> Hmm, I guess I should have more information about your setup to
> analize this. In particular, if what I said above about the
> terminal equipment is true, you may end up having multiple
> accounting records for each session...
That's one of the main assumptions that our accounting system is built
on. Mainly because in the "old days" we would get a lot of duplicate
accounting records from multiple sources from our dial-in provider. So
duplicate records are ignored. Don't bother analyzing our newest kludge.
I'll just build it and see if it behaves like I want to ;-)
Kind regards,
Maurice Makaay