One of my radius servers stopped doing its radius thing. Everything was going along swimmingly, and then it suddenly stopped at 1:00AM.\u00a0 Restarts didn’t fix it.<\/p>\n
The way this server works is that the default handler receives accounting packets, writes it to spool files, and then another process forwards the contents of the spool files to the correct destinations (e.g. databases). However, it stopped. There was no reason, so I (eventually) looked at the spool files in That’s an accounting packet from the NAS that says it is rebooting, and all<\/strong> the sessions have are going away. When this packet was handled, FreeRadius lost its mind and added the The reason that this was happening to these accounting packets is that the processing section for the accounting packets said things like this (edited for brevity):<\/p>\n The idea is to log to a spool file for handling by another server:<\/p>\n So the trouble is that the So I fixed it, and now it’s better.<\/p>\n","protected":false},"excerpt":{"rendered":" One of my radius servers stopped doing its radius thing. Everything was going along swimmingly, and then it suddenly stopped at 1:00AM.\u00a0 Restarts didn’t fix it. The way this server works is that the default handler receives accounting packets, writes … Continue reading \/var\/log\/radius\/radacct\/blah<\/code> and found this packet:<\/p>\nTue Nov 6 00:57:15 2018\r\n User-Name = \"\"\r\n Event-Timestamp = \"Nov 6 2018 00:57:15 SAST\"\r\n Acct-Status-Type = Accounting-Off\r\n NAS-IP-Address = 104.78.28.84\r\n Connect-Info = \"\"\r\n Module-Failure-Message = \"Failed retrieving values required to evaluate condition\"\r\n Module-Failure-Message = \"Failed retrieving values required to evaluate condition\"\r\n Module-Failure-Message = \"Failed retrieving values required to evaluate condition\"\r\n Timestamp = 1541458635\r\n<\/pre>\n
Module-Failure-Message<\/code> attributes.<\/p>\naccounting {\r\n if ( &Framed-IP-Address =~ \/^192\\\\.168\\.\/) {\r\n detail-write-nat-server\r\n }\r\n # ...\r\n ok\r\n}\r\n<\/pre>\ndetail detail-write-nat-server {\r\n filename = ${radacctdir}\/nat\/detail-%Y%m%d:%H\r\n permissions = 0664\r\n header = \"%t\"\r\n locking = yes\r\n}<\/pre>\nFramed-IP-Address<\/code> attribute is not present in this particular accounting packet. Here’s the right way of doing it:<\/p>\naccounting {\r\n if ( &Framed-IP-Address &&<\/b> &Framed-IP-Address =~ \/^192\\\\.168\\.\/) {\r\n detail-write-nat-server\r\n }\r\n # ...\r\n ok\r\n}<\/pre>\n