bug-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnu-radius] Accounting trail in a proxy setup

From: Maurice Makaay
Subject: Re: [Bug-gnu-radius] Accounting trail in a proxy setup
Date: Wed, 21 Jul 2004 16:24:46 +0200 
Sergey,

> > This was one of the scenario's I had in mind. The reason for
> > not logging the detail record is _for sure_ that the remote party does
> > not return an Accounting-Accept packet.
> 
> Oops. But then, the terminal equipment does not receive it as
> well. Is it OK? And (if it is configured as usual) it is
> retrying to send the same accounting packet again... and again...

It's not configured to resend accounting forever, so the sending will
stop eventually. I think it will send 3 packets to our radiusserver
and 3 packets to our backup radiusserver. After that, the radiusserver
will just give up.

> >     realm     1.2.3.4:1812    fwacct=1.2.3.4:1813
> 
> What exactly should fwacct flag do?

Something like:

    realm     1.2.3.4:1812    auth,acct

but instead it will not _proxy_ the accounting for the realm, but it will just
_forward_ it (just like the "forward" keyword in raddb/config would accomplish,
except that now forwarding is only done for the specified realm). In this case
I do not really care if our customer catches the accounting packet or not, so
non-proxy forwarding would be OK.  The most important thing is that we have an
accurate accounting for our own billing proces. 

BTW: I think fwacct=1.2.3.4:1813 is a bit strange and feel more for the other
option I proposed: just "fwacct". The radiusserver+port to which the accounting
must be sent can of course already be found in column 2 of the file. So as far
as accounting is concerned, you would get the following options:

 realm   1.2.3.4:1812    noacct         -> accounting is done 100% locally
 realm   1.2.3.4:1812    acct           -> accounting is proxied to 1.2.3.4
 realm   1.2.3.4:1812    fwacct         -> accounting is forwarded to 1.2.3.4

> Hmm, I guess I should have more information about your setup to
> analize this. In particular, if what I said above about the
> terminal equipment is true, you may end up having multiple
> accounting records for each session...

That's one of the main assumptions that our accounting system is built
on. Mainly because in the "old days" we would get a lot of duplicate
accounting records from multiple sources from our dial-in provider. So
duplicate records are ignored. Don't bother analyzing our newest kludge.
I'll just build it and see if it behaves like I want to ;-)

Kind regards,

Maurice Makaay
reply via email to
[Prev in Thread] Current Thread [Next in Thread]