Hi, there are several things I can imagine to prevent the below, but before re-inventing the wheel, I'm sure somebody of you has a simple solution for this or some good posts to point to ?
Here it goes: using freeradius-1.0-pre2 on two servers, setup as follows: - server1 doing local mysql-accounting into table radacct - server2 is only accounting to detail and a detail-relay files for usage with radrelay to replay them to server1 the mysql-db is replicated from server1 (local-db) to server2 (local-db) but server2 does no accounting into sql while still doing auth/author but this shouldn't matter for this. Now, everything fine so far but while testing failover, I got duplicate accounting-records inserted into radacct-table. setup of database and queries is quite straightforward from the supplied sql.conf I were able to understand what happened: - server1 shutdown - session started 21:17:32, auth by server2, acct-start record on server2 saved in detail-relay for radrelay - radrelay on server2 has not yet sent the record from 21:17:32 to server1 - 21:22:02 server1 is up again - an acct-alive received for this session on server1 - server1 inserts a record with accounting_update_query_alt (as expected, no session in radacct yet present, so accounting_update_query fails and _alt kicks in) - 21:24:04 radrelay on server2 sends acct-start record to server1 using radrelay - server1 creates a new acct-session in radacct table (also as expected, accounting_start_query works fine) - from now on, the two sessions are updated "in sync" and closed correctly by server1 Now, banging my head to some walls, there are some more cases where things will go wrong: Scenario2: server1 down - acct-alive sent to server2 - server1 up - acct-stop to server1 - acct-alive from server2 sent by radrelay -> again duplicate sessions in radacct) The easiest thing I could imagine is something with AcctUniqueId to prevent duplicates BUT: AcctUniqueId is different between server1 and server2 for the above session, after going through all logs, Client-IP-Address is server2 instead of the NAS in the packet radrelay sent from server2 to server1 (which is intentional what I've understood) Now one could remove Client-Ip from acct_unique and make it unique in the DB but this alone probably won't really solve the problem. I'd appreciate any hint on solving these duplicate accounting issues -or in general on how to get 100% reliable accounting into my db with two radius servers. Michael - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html