I am having an interesting problem here.  I am running
FreeRadius 0.7.1 on FreeBSD 4.6-RELEASE.  I previously had the server
running as nobody:nobody with all accounting directories/files marked
with the correct permissions.  Everything appeared to work fine except
the accounting logs.  According to 'tcpdump' on FreeBSD and 'term mon'
on the Cisco, it appears that the NAS server would send a request to the
radius server asking for authentication, the radius server would reply
granting access, then the NAS server would send the accounting logs to
the radius server.  At this point the radius server would log the
accounting record, but it would not send an ACK back to the NAS server,
so the NAS server would resend the log again.  It would keep resending
it until the limit defined in the NAS server was reached.  After a lot
of debugging I managed to narrow the problem down to which account is
running radiusd.  If it runs as root, the radius server will respond to
the NAS server saying it has received the accounting log, and will only
log one instance.  If I run the radius server as any other account
(tried nobody and daemon) it will not respond to the NAS, and place
multiple instances of the accounting record in the log file.  Leaving
the rest of the radiusd.conf file the same and only changing who radiusd
runs as causes the above mentioned problem.  Obviously running the
server as root solves the issue, but opens up security concerns I would
rather not have to deal with.  Could someone verify this and possibly
work on a solution?  If I am missing something or you need further
information, please let me know.  Thanks in advance!

-----
Eric Parker
CCNA Certified
System Administrator


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
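
An added example, not part of the original post or of FreeRADIUS: a small Python check that counts how often the same accounting event was written to a detail log, which is the symptom described above when the NAS never receives an acknowledgement and resends. It assumes the usual detail-file layout (a timestamp line, tab-indented `Attribute = value` lines, a blank line between records); the sample records, addresses and session id are constructed.

```python
from collections import Counter

def make_record(stamp, status, session, delay):
    # Constructed sample record: header line, then tab-indented attribute pairs.
    return (f"{stamp}\n\tNAS-IP-Address = 192.0.2.10\n\tUser-Name = \"alice\"\n"
            f"\tAcct-Status-Type = {status}\n\tAcct-Session-Id = \"{session}\"\n"
            f"\tAcct-Delay-Time = {delay}\n\n")

# Constructed log: one Start written three times (resends), then a single Stop.
SAMPLE_DETAIL = (
    make_record("Mon Aug 12 10:15:01 2002", "Start", "0000002A", 0)
    + make_record("Mon Aug 12 10:15:06 2002", "Start", "0000002A", 5)
    + make_record("Mon Aug 12 10:15:11 2002", "Start", "0000002A", 10)
    + make_record("Mon Aug 12 10:42:30 2002", "Stop", "0000002A", 0)
)

# Attributes that together identify one accounting event from one NAS.
KEY_ATTRS = ("NAS-IP-Address", "Acct-Session-Id", "Acct-Status-Type")
# Interim updates repeat by design within a session, so they are not counted.
PERIODIC = {"Interim-Update", "Alive"}

def parse_detail(text):
    """Yield one dict per record; records are separated by blank lines."""
    for block in text.split("\n\n"):
        lines = [line for line in block.splitlines() if line.strip()]
        if not lines:
            continue
        rec = {"_logged": lines[0].strip()}
        for line in lines[1:]:
            name, sep, value = line.strip().partition(" = ")
            if sep:
                rec[name] = value.strip('"')
        yield rec

def find_retransmits(text):
    """Return {(nas, session, status): copies} for events logged more than once."""
    counts = Counter(
        tuple(rec.get(attr, "") for attr in KEY_ATTRS)
        for rec in parse_detail(text)
        if rec.get("Acct-Status-Type") not in PERIODIC
    )
    return {key: n for key, n in counts.items() if n > 1}

if __name__ == "__main__":
    for (nas, session, status), n in find_retransmits(SAMPLE_DETAIL).items():
        print(f"{nas} session {session} {status}: logged {n} times")
```

Running it against the detail file once with radiusd started as root and once as the unprivileged account gives a direct before/after count of duplicated records.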
