Simultaneous-Use/user accounting on merit radius

Steve Hsieh (steveh@eecs.umich.edu)
Sat, 6 Apr 1996 00:30:55 -0500 (EST)

Speaking of Simultaneous-Use on the merit radius, I also have not been
able to get it working properly on our system, or accounting in general
for that matter. However, it doesn't seem to be a radius problem, at least
I don't think so.

The problem is that when a person calls and authenticates, that person
shows up on the session.las file. However, when the person disconnects,
the user doesn't get removed. Thus, there are a lot of CONN and SUSP
entries in it, and they don't go away until either a timeout occurs (I
believe) or when a new user logs into that port. If you use lasrecord to
parse the record.las file, all entries look like:

04/03/96 22:47:43
Access-ID: hmyeh
Status: Killed
Started at: 04/03/96 22:28:04
LAS duration: 00:19:39
Connect time: 00:11:53
Time limit: 0
Session: /
Token: NA
From: pm1.eecs.umich.edu/26
Service class: NA
Filter: NA
Service type: Framed/PPP

>From what I can tell, the portmaster is not sending any message to the
radius server when a modem disconnect occurs. Is there some good way to
debug or figure out what is going on? In the log file, I only get entries
like:

Sun Mar 31 23:14:56 1996: rad_authenticate: 191/253 'hmyeh' at pm1.eecs.umich.ed
u PPP
Sun Mar 31 23:14:56 1996: Authentication: 191/253 'hmyeh' via pm1.eecs.umich.edu
from pm1.eecs.umich.edu port 9 PPP - OK
Sun Mar 31 23:15:00 1996: Accounting: 193/215 'hmyeh' via pm1.eecs.umich.edu fro
m pm1.eecs.umich.edu port 9 Start - OK
Sun Mar 31 23:31:06 1996: Accounting: 205/224 'hmyeh' via pm1.eecs.umich.edu fro
m pm1.eecs.umich.edu port 9 Stop - OK

I even get multiple Stops -- by connecting with a dumb terminal, the
portmaster sends a start when you connect to a session. Then if you exit
back to the host: prompt (we have nohangup set on the portmaster), it
sends a Stop to the radius server. But then if you connect to another
host, it doesn't send anything -- until you log out of host 2, when it
sends another stop to the radius/accounting server.

So how does one figure out when the user has really logged out? I can't
trust the accounting stop packet because it only means they have logged
out of that host, but not necessarily disconnected, correct? As a
result, users never get removed from session.las, but only killed when
new users take their place.

I noticed in the las code that it differentiates between STOP and
MODEM_STOP. Yet I have never seen what might be considered a modem stop
packet.

We are using ComOS 3.3.1, and merit radius 2.4.21 with LAS_NO_HGAS.
(We don't use any tokens or realms, either -- just a NULL entry in
authfile and realms.las)

Suggestions?

-Steve