I'll try to be clear :)
We have Cisco 2500 with IOS 12.0(4)
and it seems to have such bug...
Some user tries to log in on this Cisco,
and gets Access-Reject, but Cisco
(I don't know whether it has already
processed Access-Reject at this moment)
sends Accounting-Stop packet for that user
without corresponding Accounting-Start packet.
Probably, this user disconnects BEFORE
Cisco gets Access-Reject, and then it
decided to send Stop-record...
Did anybody see such problem and what are
possible workarounds for this sutuations?
Thanks in advice...
These are logs from our proxy freeradius:
rad_recv: Access-Request packet from host <cisco>:1645, id=38, length=78
Thread 1 assigned request 4550
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Nothing to do. Sleeping until we see a request.
Thread 1 handling request 4550, (826 handled so far)
NAS-IP-Address = <cisco>
NAS-Port = 4
NAS-Port-Type = Async
User-Name = "HACKER"
Called-Station-Id = ""
User-Password = "..."
Service-Type = Framed-User
Framed-Protocol = PPP
...
Sending Access-Reject of id 38 to <cisco>:1645
Reply-Message = "*** User HACKER already online!\n\r\n"
Finished request 4550
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Accounting-Request packet from host <cisco>:1646, id=39, length=100
Thread 3 assigned request 4552
--- Walking the entire request list ---
Waking up in 6 seconds...
Thread 3 handling request 4552, (826 handled so far)
NAS-IP-Address = <cisco>
NAS-Port = 4
NAS-Port-Type = Async
User-Name = "HACKER"
Called-Station-Id = ""
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "0000A931"
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Acct-Session-Time = 0
Acct-Delay-Time = 0
...
--
Fduch M. Pravking
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
