<HTML>
<HEAD>
<TITLE>Problems with RADIUS accounting</TITLE>
</HEAD>
<BODY>
<FONT SIZE="4"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Chaps,<BR>
I’ve got a problem here that seems to be associated with Accounting when using a database to store accounting information<BR>
<BR>
Production system<BR>
<BR>
3 real servers each server running 2 instances of radiator – one for authentication and one for accounting<BR>
<BR>
These serves are front ended by a Foundry ServerironXL device that load balances radius acct and auth requests over <BR>
<BR>
Authentication is performed by proxying of auth requests to a pair of legacy steel belted radius servers.<BR>
<BR>
I’ve got a couple of perl hooks that access the back end database when authenticating.<BR>
<BR>
My radius config has a number of session log definitions for various types of RAS e.g. HP switches doing 802.1x, Trapeze networks Wireless kit. In addition to this I’ve split how I process the accounting records by having a handler statement for Accounting start records, accounting Alive records and accounting stop records<BR>
so for our HP wired network I have the following sessionlog definitions.<BR>
<BR>
Hull_Wired_Start_mysql creates a record in the radonline table<BR>
Hull_wired_alive_mysql updates the above record with session time and gata transmitted info<BR>
Hull_Wired_Stop_mysql deletes the radonline record.<BR>
<BR>
The above are replicated for the various other systems.<BR>
<BR>
I’m also using ClientListSQL to keep track of my RAS clients<BR>
<BR>
Test system<BR>
<BR>
Dell 2850 server 8Gbytes of ram radiator 4.2<BR>
<BR>
<BR>
The database for both setups sits on a redhat 5.1 64 bit system – dual 3Ghz processors with 12Gbytes of ram that also provides support for my db2 V9.5 system. At the moment the box is hardly being used.<BR>
<BR>
The mysql database uses InnoDB tables and I’m using the sample radSupport DB definitions.<BR>
<BR>
The problem I’m having is that with only about 20 switches I’m seeing loads of “failure to connect to Radius server” messages at the switch end.. Its not the authentication its the accounting side of things that are causing the problem.<BR>
<BR>
Initially I thought it might have been the load balancer but it doens’t look as if it is. I’ve got an HP switch in my office that I use to test dot1x authentication so I pointed it at my development Radiator server for acct and auth. The only common point was the back end mysql database. This switch did the same thing as the others and there are only 2 clients authenticating to it a Mac OSX machine and a Vista machine and they’re both mine.<BR>
<BR>
I then rewrote the Sessionlog statements to use the DB2 database running on the same machine ... Which looked as if things might have worked. However, I then pointed the Trapexe accounting at the devel server and almost immediately started getting failure to connect to radius server messages on the trapeze console. As it happened there was an error in an sql statement for the sessionlog that dealt with updates. After I fixed this it <B>looked</B> as if things were working o.k. The problem is that its now 5:32 on a Thursday and there’s not a lot of traffic around.<BR>
<BR>
I really can’t see anything wrong anywhere or why I’m getting these errors. Eventually we’ll have 2 or 3 hundred switches passing accounting info to this setup and at the moment it looks as if its not going to cope which is silly.<BR>
<BR>
I understand that FreeRadius 2.0 has some form of buffering facility whereby if the server loses connection with the back end database it queues up accounting info on disk until connection to the database is restored.<BR>
<BR>
<BR>
Any help/thoughts/suggestions appreciated.<BR>
<BR>
Alex<BR>
</SPAN></FONT></FONT>
</BODY>
</HTML>