help-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Help-gnu-radius] several radius CDR's for each call !

From: Macram Zaarour
Subject: RE: [Help-gnu-radius] several radius CDR's for each call !
Date: Tue, 5 Aug 2003 13:31:44 +0300 
Hello Sergey,

I Installed gnuradius1.1 as suggested in ur mail.. and I did the config
mentioned. But am getting the following message

Aug 05 10:13:32 Acct.notice: (ACCTREQ nyt2 218 62.49.76.214 Stop
0000FD1C): Dropping packet: too many requests of this type

Does this mean i am losing data  or is this message due to the fact that
radius is discarding multiple CDR's ?  
PS i increased max-processes to 64

Thanks

-----Original Message-----
From: Sergey Poznyakoff [mailto:address@hidden 
Sent: Sunday, August 03, 2003 11:22 AM
To: Macram Zaarour
Cc: address@hidden
Subject: Re: [Help-gnu-radius] several radius CDR's for each call ! 

Hi Macram,

> But lately, and very often i am getting more than one CDR (sometimes
6)
> for each call. I noticed this in both the text files and the database
> 
> The radius log does not show any error
> Could it be that radius ackgnowledgement  is not reaching the Cisco ?

Yes, most probably this is so. First, make sure that the
request-cleanup-delay in the acct block of your config file
is set to at least 50 (radius-server retransmit * radius-server
timeout). This should make sure radiusd will catch all possible
duplicates.

There is another problem, though: Cisco rarely retransmits its
accounting requests using the same ID and request authenticator
as RFC requires. This may prevent radiusd from discerning
the duplicate requests. Usually it receives several accounting
requests with different Acct-Delay-Time attributes, but otherwise
completely equivalent. If this is so, you will have to use
the so-called extended comparison. To do so, you will first need
to upgrade to version 1.1. Then, read the section "Extended
comparison" (see
http://www.gnu.org/software/radius/manual/html_node/radius_69.html#SEC13
6)

In short, it boils down to the following:

1) Mark in your raddb/dictionary the accounting attributes that can
be reliably used for comparing the two requests. Usually these are:
User-Name,Acct-Status-Type,Acct-Session-Id,NAS-Port-Type, and
possibly Acct-Input-Octets and Acct-Output-Octets. To mark them,
add a single digit (say '1') to their syntax flags, like shown
in the example below:

ATTRIBUTE       Acct-Status-Type        40      integer - []1

2) To each entry in your raddb/naslist that describes a Cisco, add
the following flag: `compare-acct-flag=1', this will instruct radiusd
to use attributes marked with `1' for comparing the requests coming
from these NASes. A sample raddb/naslist entry will then look as
follows:

cisco.domain.com        cisco1   as5300  compare-acct-flag=1

That's all :^)

And finally, to be quite sure no duplicates will ever slip
to your database, you may try creating a unique index on the accounting
table. For example

CREATE UNIQUE INDEX index_name ON calls (user_name,nas_ip_address,
 
nas_port_id,acct_session_id,acct_input_octets,acct_output_octets);

Regards,
Sergey
reply via email to
[Prev in Thread] Current Thread [Next in Thread]