RADIUS Accounting Terminate Causes DATE: August 20, 1999 SUMMARY: Release 3.3.2 has added support for the RADIUS (TM) Accounting Acct-Terminate-Cause attribute to provide information on the cause of session termination. In addition, if termination debugging is turned on using the "set debug termination on" command, additional termination information is sent to syslog (auth.info) and the system console. Before upgrading the PortMaster(TM), update your /etc/raddb/dictionary file by adding the following lines, kill your radiusd and restart it. An updated dictionary file is available at ftp://ftp.livingston.com/pub/le/radius/dictionary. ATTRIBUTE Acct-Terminate-Cause 49 integer VALUE Acct-Terminate-Cause User-Request 1 VALUE Acct-Terminate-Cause Lost-Carrier 2 VALUE Acct-Terminate-Cause Lost-Service 3 VALUE Acct-Terminate-Cause Idle-Timeout 4 VALUE Acct-Terminate-Cause Session-Timeout 5 VALUE Acct-Terminate-Cause Admin-Reset 6 VALUE Acct-Terminate-Cause Admin-Reboot 7 VALUE Acct-Terminate-Cause Port-Error 8 VALUE ACCT-terminate-cause NAS-Error 9 VALUE ACCT-terminate-cause NAS-Request 10 VALUE Acct-Terminate-Cause NAS-Reboot 11 VALUE Acct-Terminate-Cause Port-Unneeded 12 VALUE Acct-Terminate-Cause Port-Preempted 13 VALUE Acct-Terminate-Cause Port-Suspended 14 VALUE Acct-Terminate-Cause Service-Unavailable15 VALUE Acct-Terminate-Cause Callback 16 VALUE Acct-Terminate-Cause User-Error 17 VALUE Acct-Terminate-Cause Host-Request 18 The following simple script produces a list of termination causes seen. Note that this script does not remove duplicates, so it provides only an approximate count. cat /var/adm/radacct/*/detail | grep Acct-Terminate-Cause|\ sort | uniq -c TERMINATE REASONS: Here are the syslog messages and their meanings. Where a message would also go to RADIUS Accounting, the Acct-Terminate-Cause is included in the syslog message before the dash. In normal operation you would expect to see User-Request, Host-Request, and Lost-Carrier, although Lost-Carrier can be caused by the user hanging up his end of the connection or by line or modem problems. Admin Reset Port was reset by administrator. Also sent to RADIUS Accounting if a session was active on the port. Callback Callback User is disconnected so the port can be used to call user back. Cause Unknown Contact Lucent Technical Support. Host Request - PMD Disconnected or logged out from host using in.pmd service. This can mean either normal termination of a login session, or the remote host has crashed or become unreachable. Also sent to RADIUS Accounting. Host Request Disconnected or logged out from host. This can mean either normal termination of a login session, or the remote host has crashed or become unreachable. Also sent to RADIUS Accounting. Idle Timeout Idle timer expired for user or port. Also sent to RADIUS Accounting. Login Timeout The login:, password:, or host: prompt is set to timeout after five minutes with no input and has done so. Lost Carrier Session terminated when modem dropped DCD(Data Carrier Detect). This can either mean the user or his modem hung up the phone from their end, in which case there is no problem, or can mean that the line was dropped or took a noise hit too severe for the modems to recover from, or can mean that the local modem dropped DCD for some other reason. Also sent to RADIUS Accounting. Lost Service - Interface Down Contact Lucent Technical Support. Lost Service - Interface Error Contact Lucent Technical Support. Lost Service - Invalid Network Handle Contact Lucent Technical Support. Lost Service - LMI A Frame Relay interface missed six consecutive LMI replies. Lost Service - No netbufs No netbufs are available for service. Contact Lucent Technical Support. NAS Error - PPP Unknown State The PortMaster could not determine state of PPP. Contact Lucent Technical Support. NAS Request - Modem Config Complete The Modem table entry has finished initializing the modem attached to the port. NAS Request - PPP Maximum Retransmissions PPP negotiations failed after the PortMaster sent 10 configuration requests. This is caused by a configuration error on the client, PortMaster, or RADIUS user entry. No Event Identified Contact Lucent Technical Support. Port Error - PPP Couldn't Send The PortMaster could not send PPP negotiation. Check that the port and modems at both ends are properly configured for hardware flow control (RTS/CTS); if the problem still occurs, contact Lucent Technical Support. Port Error - PPP Loop Detect The PortMaster saw its own Magic Number in an LCP (Link Configuration Protocol) Configuration Request. The two most likely causes are either that our modem is in echo mode or that we dialed into a UNIX system and it is echoing our packets back to us. In the former case, correct the configuration in the modem. In the latter case, change the chat script in the location table entry on the PortMaster to expect "~" instead of "PPP". Port Error - Spurious Interrupts Attached device is causing too many interrupts, so the PortMaster reset the port. Also sent to RADIUS Accounting if a session was active on the port. Port Error - Unknown State Contact Lucent Technical Support. Port Error - Wrong Type Port is configured for login users only and a network user is trying to log in, or vice versa. To configure ports appropriately: set all login Login users only set all network dialin Network users only set all login network dialin Both Service Unavailable - Access Denied The port Access Filter does not permit connection to requested host. If you get this message and you wish to allow a connection to the host:
Service Unavailable - Auth Failed Three attempts by the user to authenticate at the login: prompt have failed, so the user is disconnected. Service Unavailable - Device Port is set for host device but in.pmd or the pseudo-tty configured is unavailable. This gets logged once per second until the situation is corrected. Service Unavailable - Host Login session was unable to connect to host. The most common cause is that the host is down or refusing connections or not running in.pmd or rlogind. Service Unavailable - PPP Auth Failed Contact Lucent Technical Support. Service Unavailable - PPP CHAP Auth Failed The user's PPP CHAP authentication failed. Service Unavailable - PPP No Protocol Neither IP nor IPX was negotiated for PPP, so no service can be provided. This is a configuration error for either the dial-in client or the user entry. Service Unavailable - PPP Outbound PAP Auth Failed PortMaster dialed out to another site and was being authenticated by PAP but failed, so the PortMaster is hanging up. (Note that if we are authenticated by CHAP and fail, it is the responsibility of the other end to hang up.) Service Unavailable - PPP PAP Auth Failed The user's PPP PAP authentication failed. Session Timeout Session timer expired for user. Also sent to RADIUS Accounting. User Error - PPP LCP Protocol Reject The PortMaster received a LCP Protocol Reject. This should never happen; it indicates there is a bug in the software of the remote system since the remote system is claiming it does not support LCP. User Error - PPP NCP Active to Reply PortMaster received a PPP Configuration ACK when a session was already established, so it terminated the session. This is caused by a PPP implementation error in the dial-in client. Also sent to RADIUS Accounting. User Error - PPP NCP Active to Request PortMaster received a PPP Configuration Request when a session was already established, so it terminated the session. This is caused by a PPP implementation error in the dial-in client. Also sent to RADIUS Accounting. User Request - Admin Quit Quit command issued from the command line interface. User Request - PPP Term Ack Dial-in client requested that we terminate immediately without sending an acknowledgment. This message is expected from a proper PPP client termination. Also sent to RADIUS Accounting. User Request - PPP Term Req Dial-in client requested that we send a Termination ACK and then terminate. This
message is expected from a proper PPP client termination. Also sent to RADIUS
Accounting. |